
More signal. Less noise.

2017 cyberattacks proved more numerous, sophisticated, and ruthless than in years past.

WannaCry, NotPetya, ransomware-as-a-service, and fileless attacks abounded. And, that’s not everything. The victims of cybercrime ranged from private businesses to the fundamental practices of democracy. Read The Cylance Threat Report: 2017 Year in Review Report and learn about the threat trends and malware families their customers faced in 2017.

Daily briefing.

A CyberWire Daily News Briefing redesign is coming.

By the end of this week we expect we'll have completed a new design for our email, the better to avoid falling into spam traps or becoming enmeshed in the array of anti-phishing measures enterprises increasingly deploy. You've seen some of the changes already with our addition of inline links to our summary.

When the redesign is complete, you'll see fewer links to suggested reading in the email itself. That selected reading will remain present in its entirety on our website, posted as always with the appropriate Daily News Briefing. We hope you'll find the new format more user-friendly. We'll announce the date of the rollout as it approaches. And, as always, thanks for subscribing and reading.

Iran's operations in cyberspace have been growing in capability as Tehran shows a disposition to learn from the best. Its information operations in particular show fresh sophistication, especially against targets in the Arab world (Reuters).

US Defense Secretary Mattis said that Russia's attempts to influence US elections show that President Putin is a "slow learner" (Reuters). In the UK, MI6 director Younger warns Russia not to take Britain lightly (Bloomberg).

The Marriott breach poses a range of risks, identity theft and espionage being two of them (KFDM). Authorities are also beginning their investigation of the incident. As is often the case, the State of New York is first out of the gate: on Friday the state's attorney general announced it was opening a probe that would not only look into the circumstances of the breach, but that would also determine whether Marriott's "delay" in disclosure constituted a violation of New York law (New York Law Journal). And if you are an affected guest wondering if there was anything you could have done to protect yourself, Rook Security says, essentially, no, there was nothing you could have done (Fox 59). 

The US Court of Appeals for the DC Circuit ruled Friday that the Government's ban on Kaspersky products can stand. It's not, after all, an unconstitutional bill of attainder (TheHill).

Another reason not to pay ransomware extortion demands: under current US law, if those payments go to the wrong place, ransomware victims could find themselves in violation of US sanctions (BleepingComputer).


Today's issue includes events affecting Afghanistan, Australia, China, Iran, Iraq, Israel, Japan, Democratic People's Republic of Korea, New Zealand, Saudi Arabia, Syria, Turkey, United Kingdom, United States.

How to Budget for Insider Threat Management, Proactively

According to a Ponemon Institute study, 34% of cybersecurity professionals said a lack of budget was a major barrier to effective insider threat management. So, how do you ask for the budget you need to proactively detect and stop insider threats? The latest guide from ObserveIT gives you the in-depth information you need to ask for a dedicated insider threat line item in your cybersecurity budget. Download The Guide to Budgeting for Insider Threat Management today.

In today's podcast we hear from our partners at Lancaster University, as Daniel Prince discusses growth, innovation and productivity within cyber security.

Rapid Prototyping Event: The Turing Test (Columbia, Maryland, United States, December 11 - 13, 2018) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Prototyping Event in which participants implement an automated process to interact with a Microsoft Windows machine just as a human user may do with the goal being to fool a human judge who is monitoring target computers via Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC) into thinking a normal user is interacting with that machine and not an automated program or process.

Cyber Attacks, Threats, and Vulnerabilities

Special Report: How Iran spreads disinformation around the world (Reuters) Website Nile Net Online promises Egyptians "true news" from its office...

Tel Aviv Intelligence Startup Says it Found a Fake News Network Linked with Iran (CTECH) According to a report by ClearSky Cyber Security, 98 fake news sites operating in 29 languages can be linked to Iranian operators

Iran using websites to spread fake news (Khaleej Times) Its views on America do not chime with those of Egypt's state media.

China tells tech companies to keep detailed records of users' activity (CNN) The Chinese government has ordered internet companies to keep detailed records of their users' personal information and online activity — the latest indication of the country's increasingly restrictive approach to the internet.

Russian hackers allegedly attacked Germany and the US on the same day (Quartz) It's unclear if the attacks were connected.

Pentagon chief slams 'slow learner' Putin over election meddling (Reuters) U.S. Defense Secretary Jim Mattis accused Russian President Vladimir Putin on Saturday...

Mattis claims Russia attempted to "muck around" in the 2018 midterms (Vox) It’s the first time a government official has directly accused Russian President Vladimir Putin of meddling in the midterms.

As Putin Attempts Thaw, MI6 Chief Says Don’t Underestimate Britain (Bloomberg) U.K. in arms race for espionage technology to tackle threats. MI6 head says European partnerships continue despite Brexit.

Al Qaeda tries to capitalize on Saudi controversy (FDD's Long War Journal) Earlier this month, Al Qaeda's As Sahab released an essay blasting Saudi Arabia's relationship with the US. The essay's author, identified as Sheikh Awab Bin Hasan al Hasni, portrays America as a declining power and touts the resurrection of the Taliban's Islamic Emirate of Afghanistan. AQAP also finally released the 58th issue of Al Masra newsletter, which focuses on the murder of Jamal Khashoggi.

Marriott’s Starwood Missed Chance to Detect Huge Data Breach Years Earlier, Cybersecurity Specialists Say (Wall Street Journal) Marriott says it responded quickly when it learned in recent weeks of a colossal theft of customer data, but cybersecurity specialists say the company missed a significant chance to halt the breach years earlier.

Cyber Security expert says it was impossible for guests to protect themselves from Marriott breach (FOX59) A security breach inside Marriott’s hotel empire has compromised the information for as many as 500 million guests. The hotel chain said Friday the hack affects its Starwood reservation database, a group of hotels it bought in 2016 that includes the St. Regis, Westin, Sheraton and W Hotels.

Marriott hack: 60 per cent of cyber attacks now involve multiple targets in one organisation warns Carbon Black (Computing) Island hopping attacks targeting suppliers and acquisitions also growing threat, say experts

What the Marriott Breach Says About Security (KrebsOnSecurity) We don’t yet know the root cause(s) that forced Marriott this week to disclose a four-year-long breach involving the personal and financial information of 500 million guests of its Starwood hotel properties.

Espionage, ID theft? Myriad risks from stolen Marriott data (KFDM) The data stolen from the Marriott hotel empire in a massive breach is so rich and specific it could be used for espionage, identity theft, reputational attacks and even home burglaries, security experts say. Hackers stole data on as many as 500 million guests of former Starwood chain properties over four years including credit card and passport numbers, birthdates, phone numbers and hotel arrival and departure dates. It is one of the biggest data breaches on record.

Mining software isn't just for cryptocurrency — it could also be used to steal corporate secrets (CNBC) A threat researcher recently discovered that mining software can be programmed to steal sensitive documents, log in credentials or take down critical systems. 

Check Point Software Detects ‘KingMiner’ Crypojacking Malware Is Evolving Amongst Crypto Mining Bots (BitcoinExchangeGuide) Just When You Thought It was Safe To Go Into Mining: New Mining Malware Seen To ‘Evolve’ According To Researchers According to new research by the Israel-based cybersecurity company, Ch…

Vulnerability discovered in safety controller configuration software (Help Net Security) Gjoko Krstic has discovered a vulnerability in Pilz PNOZmulti Configurator software that allows a local attacker to read sensitive data in clear-text.

Moscow’s cable car service shuts down in 2 days after ransomware attack (HackRead) The first cable-car service was launched in Moscow this Tuesday, and free rides to and from Luzhniki Stadium were promised to the visitors throughout the first month.

Twitter user hacks 50,000 printers to tell people to subscribe to PewDiePie (ZDNet) Hacker lends a helping hand to YouTube star losing his crown.

Why a Hacker Exploited Printers to Make PewDiePie Propaganda (WIRED) An anonymous hacker has claimed credit for the prank, which is part of an ongoing YouTube subscriber feud.

Someone Is Claiming to Sell a Mass Printer Hijacking Service (Motherboard) After one hacker bombarded printers with a message urging people to subscribe to PewDiePie, someone is now claiming to offer a mass-printing service across the internet.

Bing Warns VLC Media Player Site is ‘Suspicious’ in Likely False-Positive Gaff (Threatpost) After identifying the official VLC media download page as "unsafe" with its Bing search engine, Microsoft now suggests it was done in error.

Sotheby’s Site Infected with Magecart for Over a Year (Infosecurity Magazine) US site formerly known as Viyet was affected

'The Pirate Bay of Science' Continues to Get Attacked Around the World (Motherboard) After publishers sued Sci-Hub, Russian ISPs are now preventing users from accessing the valuable scientific data repository and paywall killer.

Sharp rise in email and social media hacking in the UK (Help Net Security) Police forces across the UK are coming under increasing pressure to launch criminal investigations into incidents of social media and computer hacking.

US iOS users targeted by massive malvertising campaign (ZDNet) A malvertising campaign deployed via a high-profile ad platform targeted iOS users across the US. Crooks hijacked over 300 million web sessions.

Contractors Are a Bull's-Eye for Hackers (SIGNAL Magazine) As large defense contractors invest heavily in securing their networks, adversaries turn their attention to smaller defense suppliers for cyber attacks.

Cyber Trends

The state of cyberwarfare: 2 things you need to know (ZDNet) If you want to understand why you should be worried about the proliferation of cyberweapons and the lack of arms control treaties governing them, then read on.

Survey shows IT professionals concerned about cyberwarfare, end users, and conducting international business (ZDNet) In a recent Tech Pro Research survey, 86% of respondents said carrying out international business presented security challenges, despite only 41% of respondents actually engaging in overseas business.

There is continual war in cyberspace (Tribuneindia News Service) On November 26, I uncovered the largest known foreign disinformation operation targeting the Indian users of social media. The word

IIoT technologies integration creates expansion opportunities in the industrial cybersecurity industry (Help Net Security) Customers require scalable, flexible cybersecurity solutions, finds Frost & Sullivan. IIoT technologies integration is the key to growth.

The user, the abuser and the cyber criminals (Business Post) According to Europol’s fifth annual internet organised crime threat assessment, ransomware remained the biggest malware threat out there in 2018. Ransomware lockdown...


Cyber attack victims face disputes with insurers (Financial Times) Sales of cover are growing at 25% a year but battles over claims are common

Filling the Cybersecurity Jobs Gap - Now and in the Future (Dark Reading) Employers must start broadening their search for experienced security professionals to include people with the right traits rather than the right skills.

The alienation of an ambitious Chinese tech giant (Noted) Does Huawei really pose a threat to New Zealand's national security?

Huawei UK revenues and profits slide as security challenges pile up (The Telegraph) Chinese telecoms company Huawei has suffered slipping revenues in the UK as security concerns mount for the tech giant ahead of global deployment of faster mobile network technology.

Canberra's BCT Solutions scores work on Defence electronic warfare project (CRN Australia) Big win after snaring fifth place on 2018 CRN Fast50.

Crypto start-ups hit by layoffs as falling prices bite (The Telegraph) Cryptocurrency start-ups have been laying off large swathes of their workforces as the Bitcoin crash hits fledgling businesses.

Darktrace chief executive: Cyber security is a global arms race - and we plan to win (The Telegraph) Even by today’s standards, it was an audacious heist.

CrowdStrike's Immigrant Cofounder Fighting Cyber Criminals (Forbes) Crowdstrike's Dmitri Alperovitch immigrated to America as a teenager and grew up to co-found a $3 billion company employing 1,200 people.

Symantec COO resigns with immediate effect (CRN) Former exec Gilliland returns to Symantec to lead enterprise division

Three Executives Depart in Major Leadership Shuffle at Symantec (Bloomberg) Symantec Corp. Chief Executive Officer Greg Clark has embarked on a major shake-up of the cybersecurity software maker.

Products, Services, and Solutions

Micron Selects Rambus CryptoManager Platform for Secure Provisioning to Authenta Technology (BusinessWire) Micron selects Rambus CryptoManager platform for secure provisioning to Authenta technology.

Ping Identity Announces New Customer Identity-as-a-Service Solution for Application Developers (BusinessWire) Ping Identity, the leader in Identity Defined Security, today announced the public preview of PingOne for Customers. The cloud-based Identity as a Ser

R&S®Trusted Gate secures sensitive data in Microsoft Office 365 based on Microsoft Azure (Rohde & Schwarz) R&S Trusted Gate is a security software solution for encrypting files built on Microsoft Azure. Previously, the solution could only be used by companies in their own data center, on-premises.

Swisscom Expands Use of RANK Software Amidst Growing Global Security Analyst Shortage (GlobeNewswire News Room) RANK provides Swisscom with real-time threat detection, hunting and integration capabilities

Exabeam Debuts Smart Timelines To Streamline Incident Response (CRN) Exabeam’s new Smart Timelines feature is intended to help security analysts improve their productivity around both incident investigation and threat hunting.

Starr announces partnership with cybersecurity firm (Insurance Business) The agreement will allow Starr policyholders to access company’s front-end loss-prevention services

Technologies, Techniques, and Standards

7 warning signs of an insider threat (CSO Online) While the security industry often focuses on the nation-state and cyber criminals, often some of the biggest dangers are hiding in plain sight within your own company.

What Type of Vulnerabilities Does a Penetration Test Look For? (The State of Security) Penetration testing is becoming increasingly popular as organizations are beginning to embrace the need for stronger cybersecurity. But there are still too many businesses that don’t fully understand the benefits of regular security testing.

IAM for IoT: Taming the internet of threats (CSO Online) We don’t simply give users credentials and allow unfettered access to the network, why wouldn't we apply the same controls to a networked device?

What cloud platforms are DevOps professionals being asked to understand? (Help Net Security) Cloud Academy released its November 2018 Data Report revealing important trends and shifts in the cloud computing industry.

White House launches cyber reskilling academy for feds (Fifth Domain) Federal employees who want to jump into the cybersecurity field will have an opportunity to go through a new three-month training course sponsored by the CIO Council and Department of Education.

Design and Innovation

When totalitarian regimes play by different rules in tech, here’s how the US military can compete (C4ISRNET) Even as the Pentagon speaks about the importance of strategic cooperation with China, differing approaches to technology development could leave the U.S. struggling to keep up.

Blockchain study finds 0.00% success rate and vendors don't call back when asked for evidence (Register) Where is your distributed ledger technology now?


U.S. Department of Energy hosts national competition at PNNL on Saturday (KEPR) Teams from all over the country were in town this weekend for the largest cyber-security competition of its kind. Students spent their Saturday at Pacific Northwest National Lab (PNNL) to compete against each other in a simulated cyber-attack on America's energy grid. Jeffrey Baumgartner from the Department of Energy in Washington D. C. says they host competitions like this to train, and hopefully recruit, the next generation of cyber-defenders.

Legislation, Policy, and Regulation

Israel, Japan sign cybersecurity cooperation accord (Times of Israel) Memorandum of understanding says the two nations will share research and development, information and training programs

US intelligence officials in Wellington for high-level visit (New Zealand Herald) The 5G ban on Huawei is almost certain to be discussed at a US-NZ intelligence meeting.

Cyber Command’s anti-ISIS offensive undergoes a change (Fifth Domain) Joint Task Force-Ares gets a new commander.

Air Force moves to boost cyber and electronic warfare efforts (Fifth Domain) The Air Force says that it is struggling to test the integration of its cyber and physical battle plans, presenting more questions about whether the Pentagon is prepared for the hybrid style of warfare embraced by Russia.

The government must define ‘emerging technology’ to protect it (Federal Times) To guard against China gaining dominance in critical sectors, the Trump administration is racing to define and control what technologies are most essential to U.S. national security.

Analysis | The Cybersecurity 202: Senators call for data breach penalties, tougher privacy laws after Marriott hack (Washington Post) Their ideas are reminiscent of Europe's GDPR.

Klobuchar, Sullivan Introduce Bipartisan Legislation to Strengthen Election Security with International Allies (U.S. Senator Amy Klobuchar) The Global Electoral Exchange Act would establish an international information sharing program on election security at the State Department

Deputy AG Rod Rosenstein Is Still Calling for an Encryption Backdoor (WIRED) At a cybercrime conference Thursday, Rod Rosenstein once again decried "going dark."

Litigation, Investigation, and Law Enforcement

NY AG Announces Probe of Marriott Data Breach and Its Failure to Report Incident (New York Law Journal) A spokeswoman for Underwood’s office confirmed Friday morning that they were looking into the breach and that the company may have violated state law by not notifying the attorney general of the incident.

Congress: Amazon didn’t give “sufficient answers” about facial recognition (Ars Technica) "Does Amazon Rekognition contain a mechanism for… deleting unused biometric data?"

Police use of ‘Orwellian’ facial recognition cameras in legal challenge (The Telegraph) The use of 'Orwellian' facial recognition cameras by the British police is to be challenged in the courts for breaching human rights.

Britain's data commissioner launches investigation into UK use of facial recognition (The Telegraph) The information watchdog has launched a formal investigation into the police use of facial recognition technology following trials across the country, The Daily Telegraph has learned.

Saudi crown prince exchanged messages with aide alleged to have overseen Khashoggi killing (Washington Post) Mohammed bin Salman communicated with Saud al-Qahtani in the hours before and after Khashoggi was killed by Saudi agents, intelligence intercepts are said to show. 

Opinion | The Khashoggi killing had roots in a cutthroat Saudi family feud (Washington Post) Behind the vortex of rage and lawlessness in the royal court that ultimately sucked in the Post Global Opinions columnist.

Saudi dissident sues Israeli spyware firm over Khashoggi killing (Times of Israel) Omar Abdulaziz says NSO Group helped Saudi government hack his phone and uncover his conversations with the slain journalist

Senate Intelligence Committee has referred cases of suspected lying to Mueller (Washington Post) “If you lie to us . . . we’re going to prosecute you,” the panel’s chairman said.

‘I had no contact with Assange,’ Roger Stone says (Washington Post) In an interview on ABC News, the longtime Trump adviser also said that he has not been contacted by the special counsel’s team.

Appeals court upholds US government ban on Kaspersky software (TheHill) A federal appeals court in Washington, D.C., on Friday upheld the federal government’s ban on software from Moscow-based cybersecurity firm Kaspersky Lab.

Making a Ransomware Payment? It May Now Violate U.S. Sanctions (BleepingComputer) Thinking about making a ransomware payment? If so, you may want to think twice before doing so as it could land you in trouble for violating U.S. government sanctions.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Digital Utilities Europe 2019 (London, England, UK, May 8 - 9, 2019) Following three successful editions of ACI’s Digital Utilities Europe Summit, the 4th edition will be taking place in London, United Kingdom on 8th-9th May 2019. The conference will bring together key...

Transport Security Congress (Washington, DC, USA, May 14 - 15, 2019) The Transport Security Congress brings together business and security leaders from all sectors of passenger and goods transportation to discuss solutions to the evolving security and safety risk landscape.

GovSummit (Washington, DC, USA, June 26 - 27, 2019) GovSummit -- the government security conference hosted annually by the Security Industry Association -- brings together government security leaders with private industry technologists for top-quality information...

Upcoming Events

Securing Digital ID 2018 (Alexandria, Virginia, USA, December 4 - 5, 2018) As an increasing number of transactions move online and are mobile-enabled, the conference will explore today’s complex world of digital identities and how they are used for strong authentication and remote...

First Annual Maryland InfraGard Cybersecurity Conference (College Park, Maryland, USA, December 5, 2018) InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely...

International Cyber Risk Management Conference (Hamilton, Bermuda, December 6 - 7, 2018) Now in its fourth year in Canada, the International Cyber Risk Management Conference (ICRMC) has earned a reputation as one of the world’s most trusted cyber security forums. We are proud to bring ICRMC...

2018 Cloud Security Alliance Congress (Orlando, Florida, USA, December 10 - 12, 2018) Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such...

Wall Street Journal Pro CyberSecurity Executive Forum (New York, New York, USA, December 11, 2018) The WSJ Pro Cybersecurity Executive Forum will bring together senior figures from industry and government to discuss how senior executives can best prepare for hacking threats, manage breaches, and work...

National Cyber League Fall Season (Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...

SINET Global Institute CISO Series (Scottsdale, Arizona, USA, January 15 - 16, 2019) By invitation only. These intimate CISO workshops address the challenges that Board of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise...
