August 23, 2018.
By The CyberWire Staff
In a week that's seen Microsoft, Facebook, and Twitter shut down influence operations from Russia and Iran, it seemed late yesterday that there'd been another election hack, this one a phishing campaign directed against the US Democratic National Committee (DNC). The DNC's CSO briefed party leaders, informed the FBI, and took a whack at the Administration for not doing enough to protect voting infrastructure.
It emerged overnight, however, that there was, in fact, no hack. It was a poorly coordinated phishing awareness exercise. Lookout reported a fake login page for VoteBuilder that appeared to be after credentials for the DNC's voter database. The DNC ran with the false alarm. As Lookout has since tweeted (correctly), you don't know an alarm is false until you investigate. But the cock-up ("SNAFU," as CNN calls it) is embarrassing. It's good to be aware of security, but it's also good to be aware of it in ways that don't turn a fire drill into a Federal case.
No one's quite sure yet who ordered up the phishing test, but several people are pointing, on background, at Michigan's state branch of the Democratic Party.
Apache Struts has been found vulnerable to remote code execution. Semmle described the issue, which the Apache Foundation is addressing.
Surveillance tool maker Spyfone left "terabytes" of data exposed in a misconfigured AWS S3 bucket.
Cisco's Talos unit reports that Breaking Security's Remcos remote admin tool is exploitable by hackers.
Kaspersky Lab finds North Korea's Lazarus Group pushing Mac malware.
ON THE PODCAST
In today's podcast we speak with our partners at the Johns Hopkins University, as Joe Carrigan gives us a rundown on Android vs. iOS data privacy. Our guest is Oren Falkowitz from Area 1 Security, discussing protection against phishing attempts.
Hacking Humans is also up. This week our hosts take up Hollywood script pitch event scams, a romance scam murder scheme, and the curious case of allegedly spontaneously combusting ATM cards. Our guest, Jayson E. Street from SphereNY, describes his experiences with security awareness engagements.
Cyber Security Summits: August 29 in Chicago & in NYC on September 25 (Chicago, Illinois, United States, August 29, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The NSA, Darktrace, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com
Rapid Prototyping Event: The Chameleon and the Snake (Columbia, Maryland, United States, September 17 - 20, 2018) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Prototyping Event that specifically targets malware signature diversity and signature measurement for Microsoft Windows in a simulated operational environment at a realistic pace. Join us September 17-20, 2018 at UMBC Training Center in Columbia, MD.
The force is stronger when MSPs and MSSPs come together. (Webinar, September 19, 2018) The managed service market has grown tremendously, with the demand for managed security being unprecedented. For managed service providers (MSPs) looking to answer those demands, partnering with a managed security services provider (MSSP) expands access to highly-skilled cyber security analysts and a full suite of security solutions. Join Delta Risk’s webinar, September 19 at 1 PM ET, to learn how the two sides can join forces.
5th Annual Cyber Security Conference for Executives (Baltimore, Maryland, United States, October 2, 2018) The 5th Annual Cyber Security Conference for Executives, hosted this year by The Johns Hopkins University Information Security Institute and Ankura, will be held on Tuesday, October 2nd, in Baltimore, Maryland. This year’s theme is cybersecurity compliance and regulatory trends, and the conference will feature discussions with thought leaders across a variety of sectors. Join the discussion and learn about current and emerging cyber security threats to organizations, and how executives can better protect their enterprises. To receive the early-bird rate, register now!
Dragos Industrial Security Conference (DISC) 11/5/18 (Hanover, Maryland, United States, November 5, 2018) Reserve your spot now for the Dragos Industrial Security Conference (DISC) on November 5th, 2018. DISC is a free, annual event for our customers, partners, and those from the ICS asset community. Visit https://dragos.com/disc/ for more information.
Cyber Attacks, Threats, and Vulnerabilities
False alarm: Democrats say feared hack attempt was actually just a test (CNN) The Democratic National Committee said late Wednesday night that what it had earlier feared was the beginning of a sophisticated attempt to hack into its voter database, was, in fact, an unauthorized "simulated phishing test" and not an actual attempt to hack into its systems by an adversary.
Lookout discovers phishing site targeting DNC (Lookout) As reported by The Washington Post and CNN today, Lookout has discovered a customer phishing kit targeted at the Democratic National Committee (DNC) via a third-party technology provider NGP VAN.
New Spyware Framework for Android Discovered (SecurityWeek) A newly identified spyware framework called Triout can be used to build extensive surveillance capabilities into Android applications, Bitdefender security researchers warn.
Reevaluate "low-risk" PHP unserialization vulnerabilities, researcher says (CSO Online) Over nearly a decade, PHP unserialization vulnerabilities have become a popular route for cyber-criminals to plant remote code execution or deliver other malware into systems. But new research, introduced at Black Hat this month, shows that malevolent hackers can introduce this vulnerability, even in environments that were previously considered low-risk for this attack.
Microsoft's anti-hacking efforts make it an internet cop (Tristate Homepage) Intentionally or not, Microsoft has emerged as a kind of internet cop by devoting considerable resources to thwarting Russian hackers. The company's announcement Tuesday that it had identified and forced the removal of fake internet domains mimicking conservative U.S. political institutions triggered alarm on Capitol Hill and led Russian officials to accuse the company of participating in an anti-Russian witch hunt.
Leaving the SecurityWeek ICS Cyber Security Conference (Control Global) I have decided to discontinue my participation in the SecurityWeek ICS Cyber Security Conference. I will continue to participate in control system and ICS cyber security conferences, my Managing Directorship of ISA99, the blogsite at www.controlglobal.com/unfettered, and my focus on instrumentation and control system cyber security, reliability, and safety. I also will continue to provide independent expert support to end-users, vendors, and government organizations. Additionally, I look forward to continue being an evangelist and keynote speaker for the need to secure these critical, but not well-understood systems.
Coalition Introduces Service Fraud Coverage (The Coalition) Citing the rise in cloud services and cryptomining-driven fraud, Coalition, the leading technology-enabled cyber insurance solution, today announced the first cyber insurance product to protect organizations against fraudulent use of their IT and telephony services, including cloud- and Internet-based services.
Wall Street Finds Limits with Current AI Applications (Wall Street Journal) Experts who are experimenting with various aspects of artificial intelligence at Goldman Sachs Group Inc. and Morgan Stanley say artificial intelligence could be useful in detecting fraud and reducing errors in algorithmic trading, but there are still many limitations with the technology as it exists today.
Victimology: Target Association (ThreatQuotient) In a previous life, I managed two SOCs with 40+ analysts each, where a large component of the team was dedicated to threat intelligence
Sanctions on Russia Are Working (Foreign Affairs) On August 8, the Trump administration announced new sanctions on Russia in response to its use of the nerve agent Novichok to poison Sergei Skripal, a former Russian military intelligence officer, and his daughter, Yulia, in the United Kingdom in March. The penalties are set to go into effect in the coming days. Congress will soon consider further sweeping measures against Russia in retaliation for the chemical attack.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
RSA 2019 (San Francisco, California, USA, March 4 - 8, 2019) This year’s theme is, to put it simply, Better. Which means working hard to find better solutions. Making better connections with peers from around the world. And keeping the digital world safe so everyone...
The Air Force Information Technology & Cyberpower Conference (Montgomery, Alabama, USA, August 27 - 29, 2018) As the premier Air Force cyber security annual event, the Air Force Information Technology & Cyberpower Conference (AFITC) returns to Montgomery, Alabama in August of 2018. As a critical intersection...
The Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.
Intelligence & National Security Summit (National Harbor, Maryland, USA, September 4 - 5, 2018) The Intelligence & National Security Summit is the premier forum for unclassified, public dialogue between the U.S. Government and its partners in the private and academic sectors. The 2018 Summit will...
Cyber Resilience & Infosec Conference (Abu Dhabi, UAE, September 5 - 6, 2018) Interact with the top-notch cyber security specialists, learn new strategies and protect your company's future efficiently
9th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 6, 2018) The mission of Billington CyberSecurity is to bring together thought leaders from all sectors to examine the state of cybersecurity and highlight ways to enhance best practices and strengthen cyber defenses...
SecureWorld Twin Cities (Minneapolis, Minnesota, USA, September 6, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...
2018 International Information Sharing Conference (Tysons Corner, Virginia, USA, September 11 - 12, 2018) Join representatives from fellow information sharing groups with all levels of expertise, security practitioners, major technology innovators, and well-established cybersecurity organizations, as they...
SecureWorld Detroit (Detroit, Michigan, USA, September 12 - 13, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...