December 6, 2018.
A CyberWire Daily News Briefing redesign is almost here.
We expect to have completed a redesign for our email soon, the better to avoid falling into spam traps or becoming enmeshed in the array of anti-phishing measures enterprises increasingly deploy. You've seen some of the changes already with our addition of inline links to our summary.
With the new format you'll see fewer links to suggested reading in the email itself. That selected reading will remain present in its entirety on our website, posted as always with the appropriate Daily News Briefing. We hope you'll find the new format more user-friendly. As always, thanks for subscribing and reading.
By The CyberWire Staff
Canadian authorities detained Huawei's CFO, Meng Wanzhou, in Vancouver yesterday at the request of the US Justice Department. US prosecutors want Ms Meng extradited to face charges related to alleged violations of sanctions against Iran (Wall Street Journal). The daughter of Huawei's founder, Ren Zhengfei, she's become the face of the company (Wall Street Journal). The arrest apparently triggered a stock sell-off in European markets, which dropped to a two-year low after the arrest was announced (Reuters). How the collar will affect the Sino-American 90-day trade-war truce is unclear (South China Morning Post).
Reuters reports that "private investigators" attribute the Marriott data breach to Chinese intelligence services. Anonymous sources (anonymous because they weren't authorized to talk) said investigators found "hacking tools, techniques and procedures" previously linked to China's government. This evidence is of course both anonymously sourced and also circumstantial. Forbes has an outline of the history of Marriott security incidents since its Starwood acquisition.
A US Federal grand jury in Atlanta has brought additional charges against the two Iranian men previously indicted for their deployment of SamSam ransomware. The new charges specifically address the attack on the city of Atlanta. The two accused remain at large, and they're also not SamSam's only possible controllers. The FBI and US Department of Homeland Security warn that SamSam is being actively deployed against critical infrastructure targets, including utilities (SecurityWeek).
A Flash zero-day, now patched (Help Net Security), was used to attack a Russian hospital, possibly in retaliation for the Kerch incident (SecurityWeek).
Today's issue includes events affecting Australia, Canada, China, India, Iran, Democratic People's Republic of Korea, Russia, Saudi Arabia, Syria, Ukraine, United Arab Emirates, United Kingdom, United States.
And Hacking Humans is also up, with a new episode on "Bringing trust to a trustless world." We share some listener follow-up on a URL issue. Dave describes an elderly couple scammed out of savings. Joe wonders if it's wise to unsubscribe. Our guest, Andre McGregor from TLDR Capital, describes his work during his former career as an FBI Special Agent, and his experience consulting on the TV show Mr. Robot.
Beware Ransomware Doctors Peddling Fake ‘Cures’, Warns Check Point (Information Security Buzz) Researchers from leading cybersecurity vendor Check Point have uncovered a Russian IT consultancy named Dr. Shifro [...] that claims to unlock and recover consumers’ and businesses’ encrypted files. But in fact, the company simply pays the ransomware’s creator themselves and passes the cost onto the victim at a 75%-plus profit margin. Dr. Shifro offers only …
Chinese stocks plummet as Huawei CFO arrest raises trade fears (TechCrunch) A string of Chinese stocks fell hard on Thursday after the arrest of Huawei’s chief financial officer Meng Wanzhou in Vancouver deepened concerns over US-China trade tensions. The Hang Seng China Enterprises Index of Chinese companies listed in Hong Kong was off 2.76 percent as of 12:40 p.m. …
Huawei security fears - paranoia, blowback, or both? (ComputerworldUK) BT has made the decision to strip the equipment of Huawei from its core EE 4G network among growing security concerns about the Chinese telecom infrastructure giant's critical infrastructure footprint. Can - or should - any blame be laid on Huawei, or is this a result of paranoia, projection, or a severe lack of government oversight?
You Could Have SD-WAN Already… Just Turn It On! (Watchguard) SD-WAN products offer similar features that closely align to the functional definitions proposed by industry experts; however, network security providers deliver more substantial security features as illustrated in this table.
Microsoft and Mastercard partner to build a universally-recognized digital identity (Security Boulevard) Mastercard has partnered with Microsoft to help people better manage and use their digital identity. Current identity management systems are complex in proving user identity and managing their data. Following this, Mastercard and Microsoft are provided a way for people to instantly verify their digital identity with whomever they want, whenever they want using a …
The Case for a Human Security Officer (Dark Reading) Wanted: a security exec responsible for identifying and mitigating the attack vectors and vulnerabilities specifically targeting and involving people.
Marriott breach spurs new privacy law push (TheHill) Lawmakers are fired up after Marriott International suffered what is believed to be the nation’s second-largest data hack, in which hundreds of millions of its customers had their personal data stolen.
Life, Liberty, and the Pursuit of Privacy (Virtru) “...our data is our property. It represents us as individuals and has immense value. Unfortunately, it has been hijacked for private profit and too often used for nefarious purposes, without our explicit consent.”
Britain is blind to the crimes of its friends (Times) “Is this any way to treat an ally?” That was the understandable reaction to the life sentence given to Matthew Hedges last month. But the real question, of course, was “is this any way to treat...
Atlanta U.S. Attorney Charges Iranian nationals for City Of Atlanta ransomware attack (US Department of Justice) A federal grand jury in Atlanta has returned an indictment charging Faramarz Shahi Savandi and Mohammed Mehdi Shah Mansouri with committing a sophisticated ransomware attack on the City of Atlanta in March 2018 in violation of the Computer Fraud and Abuse Act.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
ISC West 2019 (Las Vegas, Nevada, USA, April 10 - 12, 2019) ISC West is THE largest security industry trade show in the U.S. At ISC West, you will have the chance to network with over 30,000 security professionals through New Products & Technologies encompassing...
10th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 5, 2019) The mission of Billington CyberSecurity is to bring together thought leaders from all sectors to examine the state of cybersecurity and highlight ways to enhance best practices and strengthen cyber defenses...
International Cyber Risk Management Conference (Hamilton, Bermuda, December 6 - 7, 2018) Now in its fourth year in Canada, the International Cyber Risk Management Conference (ICRMC) has earned a reputation as one of the world’s most trusted cyber security forums. We are proud to bring ICRMC...
2018 Cloud Security Alliance Congress (Orlando, Florida, USA, December 10 - 12, 2018) Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such...
Wall Street Journal Pro CyberSecurity Executive Forum (New York, New York, USA, December 11, 2018) The WSJ Pro Cybersecurity Executive Forum will bring together senior figures from industry and government to discuss how senior executives can best prepare for hacking threats, manage breaches, and work...
National Cyber League Fall Season (Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...
SINET Global Institute CISO Series (Scottsdale, Arizona, USA, January 15 - 16, 2019) By invitation only. These intimate CISO workshops address the challenges that Board of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise...