skip navigation

More signal. Less noise.

Do you know the best practices for applying threat intelligence?

Threat intelligence is one of the most talked about areas of information security today, but how do you actually use it? Learn best practices for applying threat intelligence with Recorded Future's latest white paper. Download your free copy now.

Daily briefing.

Russia, Ukraine, Germany, Turkey, Japan, and Bulgaria report outbreaks of "BadRabbit," a malware strain that's acting like ransomware (or pseudoransomware). GroupIB thinks BadRabbit, which hit yesterday, looks like a Petya offspring. The largest single disruption so far appears to be in Ukraine, where Odessa's airport has had to curtail operations and increase security. Russian news agencies Interfax and Fortanka were also hit yesterday morning, as (reportedly) were two other media outlets as yet unnamed.

BadRabbit's victim landing page is demanding approximately $283 to recover files, but the situation is still developing and it remains to be seen whether this is a genuine extortion play, pseudoransomare aimed at disruption, or some mix of both. US-CERT advises against paying the ransom. If the perceived similarity to Petya and NotPetya holds, BadRabbit can be expected to continue its rapid spread. Attribution at this stage is mere speculation.

The Lazarus Group North Korean threat actor is reported to have taken control of a number of servers in India. The servers aren't the ultimate target. Rather they constitute a platform from which other cyberattacks can be launched.

DUHK (Don't Use Hard-coded Keys, acronym pronounced "duck") attacks against devices using the ANSI X9.31 random number generator are being reported.

Kaspersky Lab maintains its innocence of spying. The company says the NSA contractor (or employee—accounts now differ) mentioned as the source of sensitive leaked files backdoored his own machine by downloading and installing malicious pirated software.

In industry news, SecureBox announces a $150 million funding round.

Notes.

Today's issue includes events affecting Australia, Bulgaria, European Union, Germany, India, Democratic People's Republic of Korea, Japan, Russia, Turkey, Ukraine, United Kingdom, United States.

Maturing a threat intelligence program.

Whether you are getting started with threat intelligence or seeking to expand an existing program, the Threat Intelligence Maturity Model provides a systematic guide to help you understand where your organization resides on the path to a mature threat intelligence program. Download this white paper to learn how to apply threat intelligence to identify adversaries, prioritize your efforts, and take decisive action to keep your business on course.

In today's podcast we speak with our partners at the Johns Hopkins University Information Security Institute, as Joe Carrigan reviews a list of security tips sent over by our friends at IBM. Our guest is Scott Kaine, CEO of Delta Risk, who'll talk us through the security issues surrounding cloud migration.

Earn a master’s degree in cybersecurity from SANS (Online, October 30, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Monday, October 30th, at 3:00 pm ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.

Cyber Security Summit: Boston and Los Angeles (Boston, Massachusetts, USA, November 8, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security on November 8 in Boston and November 29 in Los Angeles. Register with promo code cyberwire50 for half off your admission (Regular price $350).

Dateline ICS Security Conference

The Iranians know about the lack of security in Level 0,1 devices (Control Global) Early yesterday morning, I received a Linked-in “Like” of my Defcon presentation on the lack of ICS cyber security of Level 0,1 devices from a Senior Technical Support Engineer from an infrastructure company in IRAN.

Industrial and Critical Infrastructure Networks Are Ripe Targets for Cyberattackers, According to New Risk Data from CyberX (PRNewswire) CyberX, the industrial cybersecurity company safeguarding ICS infrastructures...

Cyber Attacks, Threats, and Vulnerabilities

Multiple Ransomware Infections Reported (US-CERT) US-CERT has received multiple reports of ransomware infections, known as Bad Rabbit, in many countries around the world.

New wave of cyber attacks hits Russia, other nations (Reuters) Cyber attacks using malware called "BadRabbit" hit Russia and other nations on Tuesday, affecting Russian Interfax news agency and causing flight delays at Ukraine's Odessa airport.

BadRabbit ransomware attacks multiple media outlets (CSO Online) On Tuesday, Russian media outlet Interfax said in a statement their servers were offline, due to a virus attack. The news agency shifted their reporting efforts to Facebook while they work to recover. A short time later, Russian security firm Group-IB posted a screenshot of the ransomware in action, calling it BadRabbit. Here's everything that's known so far.

'Bad Rabbit' Ransomware Attacks Rock Russia, Ukraine - and Beyond (Dark Reading) Attack employs new version of infamous NotPetya ransomware used in June attacks on Ukraine targets.

BadRabbit Ransomware Attacks Hitting Russia, Ukraine (Threatpost) A ransomware attack called BadRabbit has put a halt to business inside a handful of Russian and Ukrainian businesses.

New Ransomware ‘Bad Rabbit’ Spreading Quickly Through Russia and Ukraine (Motherboard) There’s a potentially massive new ransomware spreading in eastern Europe.

New malware 'BadRabbit' strain attacks hit Russia, other nations (CRN Australia) Is 'BadRabbit' the new NotPetya?

Bad Rabbit ransomware outbreak (Naked Security) The Bad Rabbit ransomware outbreak is spreading into Europe from Russia

BadRabbit ransomware spreading in Russia and the Ukraine, vaccine posted (SC Media US) Several Russian news agencies and other targets in the Ukraine have reportedly being hit with cyberattacks, which the security firm GroupIB believes to be based on a new variant of Petya called BadRabbit.

An Aftershock of NotPetya Ransomware Sweeps Russia and Ukraine (WIRED) "BadRabbit," linked to the authors of NotPetya, hits hundreds of victims, including subways, an airport, and media firms.

Ukraine airport says tightened security after cyber attack (Reuters) Ukraine's Odessa airport said on Tuesday it had tightened security measures after being hit by a cyber attack, while the metro system in Kiev also reported a hack on its payment system.

Kaspersky detects Lazarus-controlled servers in India (The Economic Times) Kaspersky Lab has uncovered a number of compromised servers being used as part of the threat actor's global command and control infrastructure, the software company said.

Kim Jong-un could attack the West without firing a missile (NewsComAu) NORTH KOREA is capable of unleashing a chaotic attack on Australia or the United States without launching a single missile.

Reaper, a massive new botnet, is a cyberattack waiting to happen (ZDNet) Reaper is on track to become one of the largest botnets recorded in recent years — and yet nobody seems to know what it will do or when. But researchers say the damage could be bigger than last year's cyberattack.

Reaper IoT Botnet (eSentire Managed Detection and Response) Researchers have discovered a large “Internet of Things” (IoT) botnet with similarities to Mirai. Known as “IoT Troop” or “Reaper”, this threat targets IoT devices by exploiting vulnerabilities on internet connected devices such as IP cameras and consumer grade routers.

DUHK attack recovers secret keys from Fortinet devices (iTnews) "Absurd" flaw in government-certified crypto.

DUHK Attack Exposes Gaps in FIPS Certification (Threatpost) The DUHK Attack leverages a 20-year-old random number generator flaw to recover private keys. More pertinent, researchers said, is that the flaw exposes gaps in the FIPS certification process.

DUHK attack, continuing a week of named issues (SANS Internet Storm Center) DUHK (Don't Use Hard-coded Keys) is an attack that exploits devices that use the ANSI X9.31 Random Number Generator and have a hard-coded key. Turns out that hard-coded crypto keys are not that uncommon in products.

FIN7 Spear Phishing Attacks Now Aim At Avoiding Detection (HackRead) The FIN7 hacking group has been targeting organizations from the retail sector of late, and Security Research Team from ICEBERG was busy tracking the activ

Nearly undetectable Microsoft Office exploit installs malware without an email attachment (TechRepublic) Security firm Sophos uncovered a zero day exploit that targets a 24-year-old data exchange protocol, and it can be used to silently attack machines with very little means of detection.

Banking Trojan Uses Malware Macros to Evade Sandbox Detection (Security Intelligence) Security researchers observed a spam campaign that leverages PowerShell's AutoClose feature to deliver a banking Trojan while eluding sandbox detection.

Magnitude EK Targets South Korea with Language-Specific Ransomware (Infosecurity Magazine) The Magniber ransomware payload won’t execute if the system language is not Korean.

Dell Lost Control of Key Customer Support Domain for a Month in 2017 (KrebsOnSecurity) A Web site set up by PC maker Dell Inc. to help customers recover from malicious software and other computer maladies may have been hijacked for a few weeks this summer by people who specialize in deploying said malware, KrebsOnSecurity has learned.

APNIC Whois Database Password Hashes Were Available for Download (BleepingComputer) The Asia-Pacific Network Information Centre (APNIC), the organization that manages domain name information for the Asia-Pacific region, fixed on Monday an error that exposed password hashes needed to access and edit domain ownership details.

Offshore Law Firm Braces for Publicity Bombshell After Security Incident (Infosecurity Magazine) Offshore Law Firm Braces for Publicity Bombshell After Security Incident. Appleby’s clients include super rich and large corporations

Cosmetics Brand Tarte Exposed Personal Information About Nearly 2 Million Customers (Gizmodo) Tarte Cosmetics, a cruelty-free cosmetics brand carried by major retailers like Sephora and Ulta, exposed the personal information of nearly two million customers in two unsecured online databases.

Cyber Trends

Immersive technologies are game changers for cybersecurity job growth (Help Net Security) 74% say that the use of gaming and VR technology in the fight against cybercrime would increase the likelihood of them pursuing a cybersecurity career.

Modern Cybersecurity Totally Futile in Quantum Computing Era (MarketWatch) Quantum computing uses the power of atoms to perform memory and processing tasks and remains a theoretical concept.

GDPR and Reputation Loss Bother Businesses (Infosecurity Magazine) 39% of European respondents identified GDPR as a business risk, compared to PCI DSS and ISO 27001/2.

Marketplace

DoD acquisition ‘slow by design,’ can’t handle cybersecurity defense (FederalNewsRadio.com) It's designed to develop weapons systems while holding to competition, transparency and integrity, but it can’t keep up with cybersecurity defense.

Fifth annual survey by Raytheon, Forcepoint and NCSA finds young adults' interest in cybersecurity careers stagnant (Business Insider) An annual survey commissioned by Raytheon Intelligence, Information and Services, Forcepoint and the National Cyber Security Alliance (NCSA) revealed that despite increased awareness of what a career in cybersecurity might look like, millennials remain unprepared for and uninterested in pursuing a career in the field.

Why one top cybersecurity official thinks millennials aren't flocking to her industry (Washington Business Journal) Government contracting executives say the lack of trained cybersecurity talent among millennials could turn into a national security issue.

Women in Cybersecurity DC Event (null) Diversity in the workforce and being able to support other women in the security field are really important initiatives. Diversity drives creativity and innovation, and companies that support diversity tend to grow, expand, remain competitive, and deliver more meaningful solutions to the marketplace.

Skybox Security Raises $150 Million Led by CVC Capital Partners' Growth Fund with Participation from Pantheon (Globe Newswire) Skybox(TM) Security, a global leader in cybersecurity management, announced today the company signed a definitive agreement to receive a $150 million growth equity investment led by CVC Capital Partners' Growth Fund (CVC Growth) for $100 million, with participation from Pantheon for $50 million.

Kevin Mitnick’s ransomware defense firm, KnowBe4, gets $30M investment (CSO Online) Kevin Mitnick's firm KnowBe4 has secured a $30 million investment led by Goldman Sachs.

How empathy carried Duo Security to a $1 billion valuation (Concentrate) Duo raised $70 million in a recent round of financing, placing the company among the small handful of venture-backed private companies worth $1 billion or more.

Armed with $180M in VC funding, cybersecurity firm Darktrace expands to Ottawa (Ottawa Business Journal) As cybersecurity threats spread like the flu, an international firm claiming to be the cure has expanded its operations to Ottawa.

Averon Banks $8.3 Million, Promises 'Frictionless' Mobile Authentication (eSecurity Planet) San Francisco-based Averon, a mobile authentication startup, announced today that it had secured $8.3 million in an Avalon Ventures-led Series A round of funding.

Early and growth stage cyber technology companies to benefit from new collaboration between VT Partners and Paladin Capital (ResponseSource Press Release Wire) Paladin announces former Carlyle Group Director Nazo Moosa as its new Senior Strategic Partner Europe in a unique collaboration with VT Partners.

Netonomy wants to win in the race to secure the smart home (Stacey on IoT) This week’s KRACK vulnerability brought to light many of the fears around connected gadgets proliferating in our homes. Perhaps the biggest one being that such gadgets could lead to some epic secur…

Products, Services, and Solutions

Legal hackback lets you go after attackers in your network (CSO Online) Security startup Cymmetria has put together a tool and a framework to help security defenders hackback legally as part of incident response activities.

TCS, Palo Alto Networks offer public cloud security (The Economic Times) TCS' global Security Operations Centres will be leveraged to monitor advanced cyberthreats and secure organisations against malicious cyberattacks.

Kromtech launches tool to identify and prevent Amazon cloud server leaks (Healthcare IT News) In response to the influx of data breaches caused by misconfigured cloud databases, the security firm has developed a tool that will let administrators check if their bucket is inadvertently being shared with the public.

Netskope Context-Aware Information Rights Management Program Provides Protection That Follows the Data (PRNewswire) Netskope, the leader in cloud security, today announced the Netskope...

Cygilant Launches New Vulnerability and Patch Management Subscription Service to Support and Equip Lean IT Teams to Effectively Stop Cyber Threats and Exploits (PRWeb) Cygilant’s industry-first ‘One Vendor’ approach to vulnerability and patch management aims to streamline workflows; speeding cyber threat response times and lowering cost of ownership

CRN Exclusive: Tenable Unveils New Partner Program To Help Customers Bridge Their 'Cyber Exposure' Gap (CRN) Tenable on Tuesday launched its Cyber Exposure partner ecosystem, which the company hopes will help customers battle cyber exposure gap as they adopt new technologies like cloud and IoT.

ThreatMetrix, ID.me to partner on government ID services (Security Document World) ThreatMetrix, The Digital Identity Company and ID.me announced a new partnership to deliver integrated identity verification solutions for government and commercial clients.

Ledger, Intel Partner to Boost Blockchain App Security (Block Tribune) Blockchain firm Ledger has teamed with Intel to provide a secure solution for storing digital assets.

Amazon debuts Cloud Cam and Key to take on Nest, August and others in home security (TechCrunch) Amazon wants to be the hub for your connected home, and today the company announced two new products that will help it fill out that ambition, specifically in..

Technologies, Techniques, and Standards

Google: This surge in Chrome HTTPS traffic shows how much safer you now are online (ZDNet) Google's HTTPS-everywhere push is showing results in page loads on Chrome.

Services Ponder How to Train Like They Fight for Cyber (SIGNAL Magazine) The U.S. military must find ways to educate its ranks to respond to cyberthreats.

Legislation, Policy, and Regulation

Putin Will Require Cryptocurrency Miners to Register With the Government in 2018 (Motherboard) After months of conflicting statements, Russia has finally outlined its plan for cryptocurrencies.

Senate Intel advances surveillance reform bill (TheHill) The Senate Intelligence Committee on Tuesday voted to advance a proposal to reform the National Security Agency's (NSA) warrantless surveillance...

Protecting Our Electoral Security - Georgetown Public Policy Review (Georgetown Public Policy Review) Cybersecurity has become an increasingly salient topic in the realm of national defense. The reliance on technology for military, intelligence, and domestic infrastructure has made the disruptive potential of cyber-attacks for national security greater than ever. Elections are uniquely at risk. The aftermath of 2016 highlighted the importance of cybersecurity in election integrity. Almost four-fifths...

Facing Prospect of Regulation, Twitter Plans Ad Disclosures (WIRED) As lawmakers discuss new rules for political ads, Twitter says it will reveal who's paying for ads and who's being targeted.

Political ads on Twitter will now be labeled with lots of spending data (Ars Technica) Follows mounting congressional pressure about social media ads and disclosure.

Legislative Efforts in the Wake of Maritime Cyberattacks (The Maritime Executive) In June the maritime industry experienced what many consider a particularly insidious form of cyber attack known as GPS Spoofing, where global

Consumer Group Calls for Changes to Data Protection Bill (Infosecurity Magazine) Consumer Group Calls for Changes to Data Protection Bill. Which? wants to make it easier for Brits to seek redress in event of a breach

Litigation, Investigation, and Law Enforcement

Worker who snuck NSA malware home had his PC backdoored, Kaspersky says (Ars Technica) Kaspersky presses its case it didn't knowingly help Russia steal NSA secrets.

How Kaspersky Lab got on the US government's bad side (CNET) Here's what we know so far about the investigation into the cybersecurity firm's ties to Russia.

Kaspersky CEO defends security products, claims innocence (CIO Dive) The Russian security firm claimed that the recent allegations seem to be rooted in damaging the security software provider's reputation without the opportunity of due process.

Equifax Faces U.K. Regulatory Investigation Over Cyber Attack (Bloomberg) The U.K. Financial Conduct Authority opened an investigation into the hack of credit reporting company Equifax Ltd. that saw personal data stolen from at least 143 million people.

Spy fears over lost security manual (Australian) Defence giant BAE Systems Australia has become embroiled in an embarrassing blunder after admitting it lost a 1000-page manual that contained draft ­details of Parliament House’s ­security overhaul.

Report reveals ‘6 personas’ of money launderers (Lawyers Weekly) An international security company has analysed the characteristics of people involved in the various stages of money laundering, with a view to helping businesses stamp out the criminal practice.

Agencies get involved in Connecticut Cyber Task Force (LMT online) The state of Connecticut now has a task force that’s sole mission is to investigate crimes in cyberspace, according to the Department of Justice.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Transport Security & Safety Expo (Washington, DC, USA, June 11 - 12, 2018) The conference is devoted to the challenges and opportunities surrounding ensuring the safety and security of passengers and cargo in the digital age.

Upcoming Events

Third International Conference on Information Security and Digital Forensics (ISDF 2017) (Thessaloniki, Greece, December 8 - 10, 2017) A 3 day event, with presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures.

Cyber Security Indonesia 2017: Shaping National Capacity for Cyber Security (Jakarta, Indonesia, December 6 - 7, 2017) Cyber Security Indonesia 2017 exhibition and conference, brought to you by the organisers of the Indonesia Infrastructure Week, will bring cyber security solutions providers together with key government...

National Insider Threat Special Interest Group Meeting (Virginia Chapter) (Herndon, Virginia, USA, December 5, 2017) The National Insider Threat Special Interest Group (NITSIG) is excited to announce it has established a Virginia Chapter. NITSIG Members and others may attend meetings at no charge. Attendees will receive...

Cyber Security Summit Los Angeles (Los Angeles, California, USA, November 30, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Los Angeles. Receive...

Cyber Security, Oil, Gas & Power 2017 (London, England, UK, November 29 - 30, 2017) ACI’s Cyber Security - Oil, Gas, Power Conference will bring together key stakeholders from energy majors and technology industries, to discuss the challenges and opportunities found in the current systems.

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) INsecurity is for the defenders of enterprise security—those defending corporate networks—and offers real-world case studies, peer sharing and practical, actionable content for IT professionals grappling...

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) Organized by Dark Reading, the web’s most trusted online community for the exchange of information about cybersecurity issues. INsecurity focuses on the everyday practices of the IT security department,...

AutoMobility LA (Los Angeles, California, USA, November 27 - 30, 2017) The Los Angeles Auto Show Press & Trade Days and Connected Car Expo have MERGED to form AutoMobility LA, the new auto industry’s first true trade show. Register to join us in Los Angeles this November.

Global Conference on Cyberspace (GCCS) (New Dehli, India, November 23 - 24, 2017) The Global Conference on Cyberspace (GCCS) aims to deliberate on the issues related to promotion of cooperation in cyberspace, norms for responsible behaviors in cyberspace and to enhance cyber capacity...

Aviation Cyber Security (London, England, UK, November 21 - 22, 2017) Join us on November 21/22 in London, England for the Cyber Senate Aviation Cyber Security Summit. We will address key issues such as the importance of information sharing and collaboration, supply chain...

Cyber Security Opportunities in Mexico Webinar (Washington, DC, USA, November 15, 2017) Learn about the cyber security opportunities in Mexico. Mexico is ranked 28th out of 164 countries in the ITU's 2017 Global Cyber Security Index. Companies spend approximately 3.5% of their IT budgets...

Federal IT Security Conference (Columbia, Maryland, USA, November 14, 2017) The Federal IT Security Institute (FITSI) in partnership with Phoenix TS in Columbia, MD is hosting the second annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as...

Sector (Toronto, Ontario, Canada, November 13 - 15, 2017) Illuminating the Black Art of Security. Now entering its 11th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving...

Countermeasure (Ottawa, Ontario, Canada, November 9 - 10, 2017) Now into its sixth year in Ottawa, and consistently advancing in both size and content quality, COUNTERMEASURE continues to be the national capital's premier IT security event. As in years past, attendees...

2017 ICIT Gala & Benefit (Washington, DC, USA, November 9, 2017) The Annual ICIT Gala and Benefit is the year’s most prestigious and intimate gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This...

4th Annual Journal of Law & Cyber Warfare Conference (New York, New York, USA, November 9, 2017) Join thought leaders across the industry for a day of collaboration and education with an outstanding group of cyber security experts. In this one-day program, we continue JLCW's 5+ year reputation for...

Fourth Annual JLCW Conference (New York, New York, USA, November 9, 2017) The 2017 Journal of Law and Cyber Warfare symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from...

SINET Showcase 2017 (Washington, DC, USA, November 8 - 9, 2017) SINET – Washington DC provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity. As always, this event...

CyCon US (Washington, DC, USA, November 7 - 8, 2017) The 2017 International Conference on Cyber Conflict U.S. (CyCon U.S.) will take place 7-8 Nov 2017 at the Ronald Reagan Building in Washington D.C. CyCon U.S. facilitates knowledge generation and information...

RSA Conference 2017 Abu Dhabi (Abu Dhabi, UAE, November 7 - 8, 2017) RSA Conference 2017 Abu Dhabi is the leading information security event in the region. This year's Conference will take place 7 to 8 November at the Emirates Palace in Abu Dhabi. Join us for two days of...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.