2017 cyberattacks proved more numerous, sophisticated, and ruthless than in years past.
WannaCry, NotPetya, ransomware-as-a-service, and fileless attacks abounded. And, that’s not everything. The victims of cybercrime ranged from private businesses to the fundamental practices of democracy. Read The Cylance Threat Report: 2017 Year in Review Report and learn about the threat trends and malware families their customers faced in 2017.
December 7, 2018.
A CyberWire Daily News Briefing redesign is almost here.
We expect to complete redesigning our email soon, the better to avoid falling into spam traps or becoming enmeshed in the array of anti-phishing measures enterprises increasingly deploy. You've seen some of the changes already with our addition of inline links to our summary.
With the new format you'll see fewer links to suggested reading in the email itself. That selected reading will remain present in its entirety on our website, posted as always with the appropriate Daily News Briefing. We hope you'll find the new format more user-friendly. As always, thanks for subscribing and reading.
By The CyberWire Staff
China has demanded that Canada release Huawei CFO Meng from custody (Telegraph), but in custody she seems likely to remain. The US is investigating not only violation of sanctions imposed on Iran, but financial crimes as well (CRN). Huawei remains under suspicion in all Five Eyes of posing a security risk (CNBC). The Australian Signals Directorate warns that Huawei’s devices could pose a threat to water and power infrastructure were they to be used in 5G networks (Wall Street Journal). Nor is such suspicion confined to the Five Eyes: Japan has decided to exclude both Huawei and ZTE from government contracts (Reuters).
The arrest is taken as a strong signal of US determination to enforce sanctions (Wall Street Journal). It’s also believed likely to sharpen the ongoing Sino-American trade war, with IT market leadership at stake (Bloomberg). Observers wonder whether China will retaliate for US measures against Huawei and ZTE, and Russia for Kaspersky’s exclusion from US Government systems, with their own legal or extralegal action against US companies (Washington Post). A large Chinese information operations campaign seems already to form part of a response (Guardian).
Proofpoint warns of an emerging threat to US retailers. "TA505," the criminal group behind Locky and Dridex, uses highly "personalized" attachments in a phishing campaign that spreads Remote Manipulator System and FlawedAmmyy malware.
Kaspersky describes a crime wave that's cost Eastern European bank millions. ZDNet calls it a "Hollywood hack:" the criminals attach small, cheap hardware to a bank's networks then remotely drain funds.
Today's issue includes events affecting Australia, Canada, China, Ecuador, France, Germany, New Zealand, Russia, Singapore, United Kingdom, United States.
A note to our readers: today is Pearl Harbor Day, marking the seventy-seventh anniversary of the battle that brought the US into the Second World War. The generation that served in that war is passing quickly. This year, for the first time, no survivors of the USS Arizona will be on hand to take the salute in Oahu (they're all too frail to make the trip). Spare a thought for those who served, and consider paying them respect while they're still with us.
How to Budget for Insider Threat Management, Proactively
According to a Ponemon Institute study, 34% of cybersecurity professionals said a lack of budget was a major barrier to effective insider threat management. So, how do you ask for the budget you need to proactively detect and stop insider threats? The latest guide from ObserveIT gives you the in-depth information you need to ask for a dedicated insider threat line item in your cybersecurity budget. Download The Guide to Budgeting for Insider Threat Management today.
Inside China's audacious global propaganda campaign(the Guardian) The long read: Beijing is buying up media outlets and training scores of foreign journalists to ‘tell China’s story well’ – as part of a worldwide influence campaign of astonishing scope and ambition
Lokibot campaigns continue with some changes to C2 urls(My Online Security) Seeing some changes to Lokibot with this malware delivery campaign overnight. I don’t know if it is a complete change to the C2 url naming convention or whether it is only this particular actor using…
Microsoft rolls out KB4471331 for Adobe Flash Player zero-day vulnerability(MSPoweruser) Microsoft has rolled out a new cumulative update for Windows 10 users which brings a fix for Adobe Flash Player’s zero-day vulnerability. The vulnerability was earlier identified by researchers and allowed attackers to trigger execute arbitrary code on vulnerable machines. The update is being released to all the supported Windows 10 versions including October 2018 Update as …
Singapore announces new grant to enhance cybersecurity capabilities(CISO MAG) The grant provided under the Financial Sector Technology and Innovation Scheme (FSTI) will co-fund up to 50 percent of expenses in Singapore-based financial institutions to establish their global or regional cybersecurity centers of excellence in the country.
Secure Code Dojo: How to Defeat SQL Injection(Insights: Secure Code Warrior) Attackers are using SQL injection - one of the oldest (since 1998!) and peskiest data vulnerabilities out there - to steal and change the sensitive information available in millions of databases all over the world.
Automating for Endless zero-days(SC Media) By Derek Manky, chief of security insights & global threat alliances, Fortinet The number of vulnerabilities available to cybercriminals continues to
Don’t Get Phished – 7 Tips to Avoid This Common Cyber Attack(Security Boulevard) Phishing is the most common type of cyber-attack that impacts organizations both large and small. These attacks may take many forms, but they all share a common goal – getting you to share sensitive information such as login credentials, credit card information, or bank account details. Unfortunately, some of the more common ways we mightRead More ›
Bank of America Tech Chief Defines Responsible AI Projects(Wall Street Journal) The key to responsible use of artificial intelligence begins with understanding the specific problem that companies are trying to solve, said Cathy Bessant, chief operations and technology officer for Bank of America Corp.
Beagle sniffs out email scammers(GCN) By building visual representations of the connections in the data, Beagle makes it much easier to connect the dots and ultimately understand how scam networks operate.
IBM AI researchers say ‘what is the question’ is the real question(ZDNet) IBM AI technology lead, John Smith, and principle research scientist Kush Varshney talk with ZDNet about how the company endeavors to broaden the discipline from “narrow AI” to something more fit for the rigours of industry. Defining what the actual problem is that one is trying to train neural networks for, seems to be a big part of what makes AI work or not work, they suggest.
Why the US government is so suspicious of Huawei(CNBC) The U.S. government has spent the better part of the last decade taking issue with the Huawei over topics including the firm's alleged espionage ties to the Chinese government and allegations of a long history of intellectual property theft.
Canada Faces Pressure to Ban Huawei Equipment (Wall Street Journal) Canada’s detention of a senior executive at Huawei Technologies comes at a time when Ottawa is under intense pressure to prohibit the use of the Chinese company’s gear in its telecommunications networks.
Australian leader says cybersecurity laws urgently needed(AP NEWS) New Australian cybersecurity laws that force global technology companies such as Facebook and Google to help police by unscrambling encrypted messages sent by extremists and other criminals were urgently needed to safeguard Australia, the prime minister said Friday. The legislation was passed by the Senate late Thursday, the last day Parliament sat in 2018. While the opposition Labor Party agreed to support the legislation as an emergency measure because of concerns that extremists could target Christmas-New Year crowds, party lawmakers said they want amendments passed when Parliament resumes in February.
Republicans hacked after hiring the Democrats' cyber-security firm, Crowdstrike(American Thinker) Why on Earth would the National Republican Congressional Committee hire the same firm that allowed the Democrats' emails to be hacked as its own cyber-security consultant? In fact, Crowdstrike is the same firm that claimed that it was the Russians who hacked the Dems after then-DNC head Debbie Wasserman Schultz reportedly refused to let the FBI examine the computers.
Former FBI director Comey to testify in House GOP probe(Washington Post) The former FBI director is one of the final witnesses expected to interviewed in the investigation of how federal law enforcement handled probes of President Trump and Hillary Clinton, before Democrats take over the House.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
ISC West 2019(Las Vegas, Nevada, USA, April 10 - 12, 2019) ISC West is THE largest security industry trade show in the U.S. At ISC West, you will have the chance to network with over 30,000 security professionals through New Products & Technologies encompassing...
10th Annual Billington CyberSecurity Summit(Washington, DC, USA, September 5, 2019) The mission of Billington CyberSecurity is to bring together thought leaders from all sectors to examine the state of cybersecurity and highlight ways to enhance best practices and strengthen cyber defenses...
International Cyber Risk Management Conference(Hamilton, Bermuda, December 6 - 7, 2018) Now in its fourth year in Canada, the International Cyber Risk Management Conference (ICRMC) has earned a reputation as one of the world’s most trusted cyber security forums. We are proud to bring ICRMC...
2018 Cloud Security Alliance Congress(Orlando, Florida, USA, December 10 - 12, 2018) Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such...
Wall Street Journal Pro CyberSecurity Executive Forum(New York, New York, USA, December 11, 2018) The WSJ Pro Cybersecurity Executive Forum will bring together senior figures from industry and government to discuss how senior executives can best prepare for hacking threats, manage breaches, and work...
National Cyber League Fall Season(Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...
SINET Global Institute CISO Series(Scottsdale, Arizona, USA, January 15 - 16, 2019) By invitation only. These intimate CISO workshops address the challenges that Board of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.