December 5, 2018.
A CyberWire Daily News Briefing redesign is coming.
By the end of this week we expect we'll have completed a new design for our email, the better to avoid falling into spam traps or becoming enmeshed in the array of anti-phishing measures enterprises increasingly deploy. You've seen some of the changes already with our addition of inline links to our summary.
When the redesign is complete, you'll see fewer links to suggested reading in the email itself. That selected reading will remain present in its entirety on our website, posted as always with the appropriate Daily News Briefing. We hope you'll find the new format more user-friendly. We'll announce the date of the rollout as it approaches. And, as always, thanks for subscribing and reading.
By The CyberWire Staff
Ukraine's SBU security service says it detected and stopped a massive Russian attempt to compromise judicial targets. The attack vectors were malicious accounting documents (Kyiv Post). The report comes during times of heightened tension in Russia's hybrid war against Ukraine. It's perhaps noteworthy that NotPetya, which started its worldwide romp in Ukraine, was spread through compromised accounting software (WIRED).
Attribution of a recent phishing campaign against the US State Department and various think tanks to APT29 (a.k.a. Cozy Bear, a unit of Russia's SVR or FSB) now looks questionable, or at least not proven. FireEye and others had made the tentative attribution shortly after the attacks came to light (Reuters), but research by Microsoft concludes there's not enough evidence to warrant that conclusion. (Redmond tracks a threat group, YTTRIUM, whose activities overlap those of APT29.)
The EU continues to push Big Tech on election security (TechCrunch). In the US, the National Republican Congressional Committee (responsible for coordinating recently concluded midterm campaigns) reports that emails of four senior staffers were compromised. The FBI is investigating (Ars Technica). There's no attribution, yet, nor have stolen data surfaced anywhere, so far (WIRED).
The Center for Strategic and International Studies warns of Russian influence operations aimed at undermining trust in the US judicial system (Washington Post).
As hoped or feared, depending on one's preferences or allegiances, Westminster has released the internal Facebook emails the UK's Parliament strong-armed out of a third-party litigant. The high-level emails outline various ways Facebook considered monetizing users' data (Motherboard).
Canada’s Spy Chief Warns of Economic Espionage (Wall Street Journal) CSIS head David Vigneault, Canada’s top spy, said state-sponsored economic espionage and cyber threats pose a greater challenge to the country than terrorism. He also warned of the possibility of foreign interference in Canada’s national election next year.
STOLEN PENCIL Campaign Targets Academia (Arbor Networks Threat Intelligence) Executive Summary ASERT has learned of an APT campaign, possibly originating from DPRK, we are calling STOLEN PENCIL that is targeting academic institutions since at least May 2018. The ultimate motivation behind the attacks is unclear, but the threat actors are adept at scavenging for credentials. Targets are sent
FBI: Watch out for Iranian SamSam malware (Fifth Domain) The U.S. government is warning critical infrastructure firms to protect themselves from the SamSam virus that has caused more than $30 million in damages.
Google SearchLiaison on Twitter (Twitter) “Over the years, a myth has developed that Google Search personalizes so much that for the same query, different people might get significantly different results from each other. This isn’t the case. Results can differ, but usually for non-personalized reasons. Let’s explore…”
Marriott Hack Shows Risks Of Lax Cyber Diligence In Mergers (Law360) When hotel giant Marriott International Inc. merged with rival Starwood Hotels in 2016, it also unwittingly bought a reservation database where the company said Friday intruders were lurking undetected, illustrating the risks of missing cybersecurity gaps during due diligence.
Marriott Breach Exposes Far More Than Just Data (Forbes) Marriott International's recent data breach has affected up to 500 million people, but while the fallout could expose far more than just data, fortunately we're already on the right path.
Printeradvertising.com Spam Service Claims It Can Print Anywhere (BleepingComputer) In order to prevent this type of mischief, network enabled printers should never be connected to the Internet. Allowing them to do so only allows malicious actors to send any type of print document to your network, including pornography that could land you in trouble.
A Breach, or Just a Forced Password Reset? (KrebsOnSecurity) Software giant Citrix Systems recently forced a password reset for many users of its Sharefile content collaboration service, warning it would be doing this on a regular basis in response to password-guessing attacks that target people who re-use passwords across multiple Web sites.
60 Cybersecurity Predictions For 2019 (Forbes) 60 predictions for cybersecurity in 2019 reveal the state-of-mind of key industry participants from artificial intelligence (AI) helping both attackers and defenders to data privacy, the cloud, IoT, and the emerging global cyber war conducted by terrorists, criminals, and nation-states.
Grange Insurance offers enhanced consumer coverage against cyber attack (Mobile Payments Today) Grange Insurance announced it will offer consumers expanded coverage against hacking threats through its new Home Cyber Protection coverage. The company has previously offered insurance to protect a customer’s identity if they were the victims of an attack, but the expanding...
Bank Islam Brunei Darussalam Chooses Rambus to Secure Mobile Payments (Rambus) BIBD enables cardholders to pay securely on mobile devices with Rambus Token Service Provider solution SUNNYVALE, Calif. & BANDAR SERI BEGAWAN, Brunei Darussalam – December 5, 2018 – Rambus Inc. (NASDAQ: RMBS) a leader in digital security, semiconductor and IP products and services, today announced that Bank Islam Brunei Darussalam (BIBD), the largest bank in Brunei, has …
Intelligo does constant background checks on your trusted employees (TechCrunch) As a former Arby’s sandwich artist I understand the value of a background check. Had I not been investigated back at age 16 no one at the restaurant would have known I was a lapsed Boy Scout and read Stephen King novels. But what would have happened had I taken up a life of petty […]
Network Visibility: Can You Analyze Encrypted Traffic for... (Bricata) We get this question a lot: Can you analyze encrypted traffic for cyber threats? It just came up again during the question and answer section of our most recent webinar about threat hunting, so we thought it would be useful to answer it here. The short answer is yes, you... #broids #encryption #ids
Business Outcomes for Automated Phishing Response (SecurityWeek) Stan Engelbrecht shares the typical business outcomes experienced by a security team and shows the simple mathematical approach that can help estimate the effect of automation in your Security Operations Center.
Europe dials up pressure on tech giants over election security (TechCrunch) The European Union has announced a package of measures intended to step up efforts and pressure on tech giants to combat democracy-denting disinformation ahead of the EU parliament elections next May. The European Commission Action Plan, which was presented at a press briefing earlier today, has fo…
Qatar prepared to face cybersecurity threats (Gulf-Times) HE the Minister of Transport and Communications Jassim Seif Ahmed al-Sulaiti stressed that the ministry’s annual cybersecurity drills contribute to raising the efficiency and readiness of various institutions and companies in Qatar to address cyber attacks.
TSA unveils cyber roadmap (FCW) The Transportation Security Administration's new cybersecurity roadmap calls on the agency to communicate better with stakeholders in aviation, mass transit, freight rail, motor carrier and pipeline sectors, and take a hand in protecting data collected on travelers.
DOT CIO Hildebrand to leave (Federal News Network) Vicki Hildebrand, the Transportation Department chief information officer, told staff Tuesday that she needs to spend more time at home in Vermont to help with ailing family members.
U.K. Releases Internal Facebook Emails Deliberating Selling Data (Wall Street Journal) The U.K. Parliament released internal Facebook emails that lawmakers said show how executives at the social-media company, including Chief Executive Mark Zuckerberg, gave some developers special access to user data and contemplated charging developers for data access.
Health app traps gay pharmacist who killed wife (Times) A pharmacist who killed his wife to start a new life with his gay lover was caught out by an app on his phone. Mitesh Patel, 37, planned to claim his wife Jessica’s £2 million life assurance and...
An internet to protect the internet? (Federal News Network) Now higher on the intellectual property theft food chain are industrial products and integrated circuits, which can weaken national security.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
2019 Securing New Ground (New York, New York, USA, October 29 - 30, 2019) The Security Industry Association (SIA) carefully curates topics and speakers for this two-day conference with the goal of inspiring our fellow leaders in the security about the potential of the global...
Securing Digital ID 2018 (Alexandria, Virginia, USA, December 4 - 5, 2018) As an increasing number of transactions move online and are mobile-enabled, the conference will explore today’s complex world of digital identities and how they are used for strong authentication and remote...
First Annual Maryland InfraGard Cybersecurity Conference (College Park, Maryland, USA, December 5, 2018) InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely...
International Cyber Risk Management Conference (Hamilton, Bermuda, December 6 - 7, 2018) Now in its fourth year in Canada, the International Cyber Risk Management Conference (ICRMC) has earned a reputation as one of the world’s most trusted cyber security forums. We are proud to bring ICRMC...
2018 Cloud Security Alliance Congress (Orlando, Florida, USA, December 10 - 12, 2018) Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such...
Wall Street Journal Pro CyberSecurity Executive Forum (New York, New York, USA, December 11, 2018) The WSJ Pro Cybersecurity Executive Forum will bring together senior figures from industry and government to discuss how senior executives can best prepare for hacking threats, manage breaches, and work...
National Cyber League Fall Season (Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...
SINET Global Institute CISO Series (Scottsdale, Arizona, USA, January 15 - 16, 2019) By invitation only. These intimate CISO workshops address the challenges that Board of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise...