1 million credentials fall into criminal hands every single day.
That's just one of the findings from the 2018 Credential Spill Report, which analyzed all of the usernames and passwords that were reported as compromised last year. The report also studied credential stuffing attack data across four major industries, finance, airlines, retail, and hotels, finding that retailers were by far the most targeted for account takeover. Read the report to learn about new ways attackers disguise credential stuffing and the total cost of attacks.
December 10, 2018.
The CyberWire's redesign is complete.
We launch our redesigned email with this issue. We trust it will reach you now in a shorter, more user-friendly format. The full range of selected reading you're accustomed to seeing is still there, accessible on our webpage.
By the CyberWire staff
China has summoned the US ambassador to demand an explanation for the arrest (in Canada) of Huawei CFO Meng, promising significant consequences if she's not promptly released (Guardian). The US charges Meng faces could bring significant prison time, should she be tried and convicted: multiple charges of conspiracy to commit fraud could bring thirty years each (CNBC). US companies are jittery about possible retaliation—Cisco, for one, is said to have moved to restrict non-essential employee travel to China (Bloomberg). The lawfare may grow sharper: the US is said to be preparing to unseal a number of additional indictments of Chinese nationals, perhaps as early as this week (Wall Street Journal).
Huawei is working to recover its image with a global cybersecurity upgrade (Bloomberg) even as US allies grow more vocal about the company’s perceived threat to their security (Wall Street Journal).
The Kubernetes privilege escalation vulnerabilities recently revealed continue to pose a very widespread risk to users of the popular container technology (Dark Reading).
Researchers at Stealthcare report that Russia’s seizure of three Ukrainian vessels in the Kerch Strait at the end of November was preceded by coordinated cyber operations directed against Ukrainian government assets. The threat groups involved include the familiar demimondaines of Carbanak and FSB-associated Gamaredon. The campaign is thought to have aimed at developing intelligence for the anticipated naval operation (Defense One). Stealthcare also reads the attack on FSBI Polyclinic Number 2, a hospital connected to Russia’s Presidential Administration, as probably Ukrainian retaliation (360 Core Security).
How Are You Responding to Threats? Find Out Now in the SANS 2018 Incident Response Survey
What new and continuing threats were uncovered in investigations and how are organizations dealing with those threats? In this SANS 2018 Incident Response Survey, learn how IR teams are coping with organizational structures, resources and IR implementation in an ever-changing threat environment. Find out how they have structured their incident response functions, what systems they’re conducting investigations on, the threats they’re uncovering and how they're uncovering them. Then apply these findings in your 2019 programs.
ON THE PODCAST
In today's podcast, up later this afternoon, we hear from our partners at Terbium Labs: Emily Wilson talks about why she feels the Lesbians Who Tech conference gets diversity right.
And if you haven't yet listened to Research Saturday, you can catch it here. In this edition, "Operation Red Signature targets South Korean supply chain," we hear how researchers at Trend Micro uncovered a supply chain attack targeting organizations in South Korea. With the goal of information theft, attackers compromised the update server of a third party support provider, resulting in the installation of a RAT, or remote access trojan. Rik Ferguson is Vice President of Security Research at Trend Micro, and he guides us through their discoveries.
DreamPort Event: The Red Hat OpenShift Container Platform Bootcamp (Columbia, Maryland, United States, January 3, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting the Red Hat OpenShift Container Platform Bootcamp. This is all about Containers, DevOps, & Agile Development. Attendees will learn, hands on, how to create, develop, use, deploy, and access containers as DevOps & Agile Development tools.
Rapid Prototyping Event: The Wolf in Sheep's Clothing (Columbia, Maryland, United States, January 29 - 31, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Prototyping Event focused on identifying UAM solutions that employ advanced real-time analysis of multiple data sources for detecting unauthorized activities.
Botnet of Infected WordPress Sites Attacking WordPress Sites (Wordfence) The Defiant Threat Intelligence team recently began tracking the behavior of an organized brute force attack campaign against WordPress sites. This campaign has created a botnet of infected WordPress websites to perform its attacks, which attempt XML-RPC authentication to other WordPress sites in order to access privileged accounts. Between Wordfence’s brute force protection and the premium real-time ...
DanaBot Banking Trojan Gets into Spam Business (BleepingComputer) Authors of the DanaBot banking trojans updated the malware with new features that enabled it to harvest email addresses and send out spam straight from the victim's mailbox.
Arrest of Huawei CFO Inspires Advance Fee Scam (SANS Internet Storm Center) Last week, the arrest of MENG Wanzhou made big waves in the news. Ms. Meng was arrested in Canada based on an arrest warrant issued for the United States Department of Justice. Ms. Meng, as CFO of Huawei and possible heir to her father, the CEO of Huawei, is assumed to have access to substantial wealth. This led to a wave of advanced fee scams levering this news.
Report Sheds Light on Massive Ransomware Problem (Threat Vector) Datto, a managed service provider of IT services, recently released their 2018 Global State of the Channel Ransomware Report, in which they surveyed over 2,400 IT professionals from around the world. Here are some of the key findings.
GlobalPlatform Announces 2019 Board of Directors (Global Security Mag Online) GlobalPlatform, the standard for secure digital services and devices, has announced its Board of Directors for fiscal year 2019. Six Board seats were open and after a close election, the following individuals were re-elected to serve a further two-year term:
SentinelOne Adds New Features to Remove Need for Legacy AV Suites (Best Mobility Management Vendors, MDM Software and EMM Platforms) Endpoint protection solution provider, SentinelOne, recently announced two new features that extend the scope of the SentinelOne platform past traditional endpoint protection and endpoint detection…
We Will Never Hack Our Elections Secure (Forbes) Instead, we need the vendors who create these systems to share their security stories publicly, including all the supporting evidence, so that anyone can evaluate, challenge and improve them.
Nearly $1 million NSF grant to bolster cyber-physical systems security (Missouri S&T) Funded through a National Science Foundation grant, Missouri S&T researchers are developing stronger safeguards for a wide array of complex systems that rely on computers – from public water supply systems and electric grids to chemical plants and self-driving vehicles.
Legislation, Policy, and Regulation
When China Rules the Web (Foreign Affairs) China is set to remake cyberspace in its own image. That will make the Internet less open and allow Beijing to reap vast economic, diplomatic, and security benefits that once flowed to Washington.
U.S. Readies Charges Against Chinese Hackers (Wall Street Journal) U.S. prosecutors are preparing to unseal criminal charges against hackers linked to the Chinese government who have allegedly engaged in a multiyear scheme to break into U.S. technology service providers.
Two British Banks Ensnared in Huawei Dispute (Wall Street Journal) Two large British banks are among those ensnared in the controversy over Huawei Technologies. The dispute escalated over the weekend after the Chinese government warned Canada it would face “severe consequences” if it didn’t release the Chinese telecom giant’s finance chief.
Bomb Threat Hoaxer, DDos Boss Gets 3 Years (KrebsOnSecurity) The ringleader of a gang of cyber hooligans that made bomb threats against hundreds of schools and launched distributed denial-of-service (DDoS) attacks against Web sites — including KrebsOnSecurity on multiple occasions — has been sentenced to three years in a U.K. prison, and faces the possibility of additional charges from U.S.-based law enforcement officials.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
2018 Cloud Security Alliance Congress (Orlando, Florida, USA, December 10 - 12, 2018) Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such...
Wall Street Journal Pro CyberSecurity Executive Forum (New York, New York, USA, December 11, 2018) The WSJ Pro Cybersecurity Executive Forum will bring together senior figures from industry and government to discuss how senior executives can best prepare for hacking threats, manage breaches, and work...
National Cyber League Fall Season (Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...
SINET Global Institute CISO Series (Scottsdale, Arizona, USA, January 15 - 16, 2019) By invitation only. These intimate CISO workshops address the challenges that Board of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise...
CPX Asia 360 2019 (Bangkok, Thailand, January 21 - 23, 2019) CPX 360 - the industry’s premier cyber security summit and expo - brings together the world’s leading cyber security experts to one venue. Gain a deep understanding of current challenges cyber security...