1 million credentials fall into criminal hands every single day.
That's just one of the findings from the 2018 Credential Spill Report, which analyzed all of the usernames and passwords that were reported as compromised last year. The report also studied credential stuffing attack data across four major industries, finance, airlines, retail, and hotels, finding that retailers were by far the most targeted for account takeover. Read the report to learn about new ways attackers disguise credential stuffing and the total cost of attacks.
December 12, 2018.
By the CyberWire staff
McAfee describes "Operation Sharpshooter," a critical infrastructure cyber-reconnaissance campaign. They conclude it's a nation-state operation, but without specific attribution (despite code overlap with North Korea's Lazarus Group).
Huawei CFO Meng Wanzhou's made bail: $7.5 million and a tracking bracelet (Quartz). China has detained a former Canadian diplomat in apparent retaliation for Meng's arrest (Times). Comparisons are drawn to ZTE's troubles: the US might use Meng's case to exact concessions from Huawei and China's government (Reuters).
US investigators suspect China was behind the Marriott hack (New York Times). Sanctions and indictments are expected (Reuters).
Two political crises near denouement. UK Prime Minister May faces a no-confidence vote today, largely over the handling of Brexit (AP). France's President Macron offers concessions to yellow-vest unrest (Foreign Policy, Foreign Affairs).
The US House Judiciary Committee's quizzing of Google CEO Sundar Pichai yesterday is lamented as a lost opportunity (Bloomberg). Democrats and Republicans are seen as having swapped partisan shots at the expense of examining Big Tech's manifold issues (WIRED). The Committee did ask directly if Project Dragonfly is a censored search engine built for China's government (Fifth Domain). Pichai's evasive non-answer is taken by many as amounting to "yes," but Google says nothing to see here. Many think Google emerged "unscathed," but Mountain View's appetite for user data was duly noted (Roll Call).
Dashlane offers a list of 2018's worst password offenders: Kanye West, the Pentagon, cryptocurrency speculators, Nutella, British lawyers, Texas, the White House staff, the UN, and, sad-to-say, the University of Cambridge.
Today's edition of the CyberWire reports events affecting Canada, China, the European Union, France, Iran, the Democratic People's Republic of Korea, Russia, Saudi Arabia, the United Arab Emirates, the United Kingdom, and the United States.
How Are You Responding to Threats? Find Out Now in the SANS 2018 Incident Response Survey
What new and continuing threats were uncovered in investigations and how are organizations dealing with those threats? In this SANS 2018 Incident Response Survey, learn how IR teams are coping with organizational structures, resources and IR implementation in an ever-changing threat environment. Find out how they have structured their incident response functions, what systems they’re conducting investigations on, the threats they’re uncovering and how they're uncovering them. Then apply these findings in your 2019 programs.
DreamPort Event: The Red Hat OpenShift Container Platform Bootcamp (Columbia, Maryland, United States, January 3, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting the Red Hat OpenShift Container Platform Bootcamp. This is all about Containers, DevOps, & Agile Development. Attendees will learn, hands on, how to create, develop, use, deploy, and access containers as DevOps & Agile Development tools.
Rapid Prototyping Event: The Wolf in Sheep's Clothing (Columbia, Maryland, United States, January 29 - 31, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Prototyping Event which is interested in identifying UAM solutions that employ advanced real-time analysis of multiple data sources for detecting unauthorized activities.
The Kremlin’s Disinformation Strategy Has Run Aground in the Sea of Azov (Ukraine Elects) Based on the official statements from the US, EU, and NATO, it would seem that the disinformation operations conducted by the Kremlin after their recent aggression in the Sea of Azov were not very successful. Although there were a few alibi statements calling on “both sides” to de-escalate; it a
Russian Aggression in the Kerch Strait Is Also Aimed at Ukraine’s Democracy (Ukraine Elects) On November 25, Ukraine's National Security and Defense Council, chaired by President Petro Poroshenko, unanimously decided to introduce martial law after an emergency meeting, in accordance with the Constitution of Ukraine (Article 83). The Verkhovna Rada convened to approve the presidential decree
China’s spies are taking Britain for a ride (Times) The arrest of a Red Princess has sent relations between China and America into a tailspin. Meng Wanzhou, daughter of the founder of the Chinese telecoms group Huawei and granddaughter of a...
Cobalt Group: The 101 (Fidelis Cybersecurity) Cobalt Group - who they are, who they target and an update on their box of tricks.
Exploit Code for the Kubernetes Flaw Is Now Available (BleepingComputer) The recently disclosed critical-impact bug in Kubernetes created strong ripples in the security world of the container-orchestration system. Now, multiple demo exploits exist and come with easy-to-understand explanations.
Emotet trojan is back with a vengeance (Security Boulevard) Emotet is back. The infamous trojan now features an all-new email harvesting module that is helping malware authors create scarily realistic malicious emails.
Clemson’s Cautionary Cryptomining Tale (HPCwire) In some ways, the bigger the computer, the more vulnerable it is to cryptomining as Clemson University discovered after cryptominers dug into its Palmetto
CapitalInstall hosted and served via IaaS (Netskope) Netskope Threat Research Labs detected an Adware family named, ‘CapitalInstall’ delivered from Microsoft Azure blob storage whose IP range was whitelisted by the multiple customers. The malware was identified via telemetry that recently alerted us on a high number of detections. These detections were related to multiple customers in the health and retail sector that …
Text CAPTCHAs easily beaten by neural networks (Naked Security) As CAPTCHA-haters know to their frequent irritation, the death of the text-based Completely Automated Procedures for Telling Computers and Humans Apart tends to be exaggerated.
16,000 Redwood Eye Center Patients Impacted by MSP Breach (HIPAA Journal) A managed service provider that hosts the electronic health records of Redwood Eye Center in Vallejo, CA has experienced a security breach that has resulted in the exposure of 16,000 patients' protected health information.
Security Patches, Mitigations, and Software Updates
Patch Tuesday, December 2018 Edition (KrebsOnSecurity) Adobe and Microsoft each released updates today to tackle critical security weaknesses in their software. Microsoft’s December patch batch is relatively light, addressing more than three dozen vulnerabilities in Windows and related applications. Adobe has issued security fixes for its Acrobat and PDF Reader products, and has a patch for yet another zero-day flaw in Flash Player that is already being exploited in the wild.
Fast & Furious IoT Botnets: Regifting Exploits (Arbor Networks Threat Intelligence) NETSCOUT Threat Intelligence honeypot data reveals that attackers are increasingly adding exploitation attempts of old vulnerabilities to their arsenals in addition to brute-forcing. Through the course of our research, we determined that the average time it takes for a new device to come online and when it first gets brute-force attempts is approximately five minutes. Within twenty-four hours, those same devices will receive exploitation attempts against known vulnerabilities.
Internet Security Report - Q3 2018 (WatchGuard) The Threat Lab team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet. Their smart, practical security advice contained in the Internet Security Report will enable you to better protect your organization in the ever-changing threat landscape.
Cyber Intrusion Services Casebook 2018 (CrowdStrike) Threat actors are continuously adopting new means to achieve their objectives. Drawn from real-life client engagements, the annual CrowdStrike® Cyber Intrusion Services Casebook 2018 provides valuable insights into ever-evolving attacker tactics, techniques and procedures (TTPs).
How to play nice in the same sandbox (Defense News) When the Pentagon touted plans to cozy up more with Silicon Valley tech firms, the focus remained on challenges that permeated mostly from inside the building. Seemingly taken for granted was this notion that traditional defense companies and Silicon Valley-types could play nice.
LINE acquires Korea-based cyber security company GrayHash (Yahoo) GrayHash will develop and optimise security solutions for LINE’s services, including messenger, fintech, AI, blockchain and the digital asset exchange LINE Plus Corporation announced today that it has acquired GrayHash, an online security research centre specialising in ‘offensive research’ and counter-hacking
How Enhanced Network Metadata Resolution Facilitates Network... (Bricata) We recently announced a new version of our product – Bricata Delivers Improved Threat Hunting with Enhanced Network Metadata Resolution, Scalability, and View Customization – the fourth such update we’ve made to date this year (see the list below). The...
Grammarly’s Bug Bounty Program Goes Public: Q&A with VP of Engineering Joe Xavier (HackerOne) It’s been over a year since Grammarly launched its first bug bounty program on HackerOne. It’s been a private, invite-only program ever since. That is, until today! We sat down with the company’s VP of Engineering Joe Xavier to learn more about how the newly public bug bounty program fits into the team’s overall security strategy, what it’s like working with hackers, and any advice for other organizations considering the bug bounty model.
Seven cyberintelligence insights for a more secure business (Intelligent CIO Middle East) Cyberthreat intelligence (CTI) involves the collection, evaluation, verification and distribution of information about ongoing and emerging cyberthreats and attacks against network assets and infrastructure. It is becoming increasingly difficult and costly for organisations to defend against cyberattacks on their own, with more companies reaching out to their peers and other sources for threat intelligence data. […]
IARPA posts new BAA for SAILS program (Intelligence Community News) On December 11, the Intelligence Advanced Research Projects Activity posted a new broad agency announcement for the Secure, Assured, Intelligent Learning Systems (SAILS) program (Solicitation Numbe…
House Releases Cybersecurity Strategies Report (SecurityWeek) The U.S. House of Representatives’ Committee on Energy and Commerce has released a report identifying strategies for the prevention and mitigation of cybersecurity incidents.
Sen. Warner Warns China, Russia are Accelerating Cyber, Disinformation Capabilities (USNI News) The vice chairman of the Senate Select Committee on Intelligence gave a sobering assessment of the expanding ability of Russia and China to interfere with U.S. institutions through cyber and disinformation campaigns. Sen. Mark Warner (D-Va.) said the General Accountability Office “found almost all our new weapons systems are vulnerable” to cyber attacks, …
UK disarray: May to face no-confidence vote from her party (AP NEWS) British Conservative lawmakers forced a no-confidence vote in Prime Minister Theresa May for Wednesday, throwing U.K. politics deeper into crisis and Brexit further into doubt. May vowed to fight for the leadership of her party and the country "with everything I've got" after opponents who have been circling for weeks finally got the numbers they needed to spark a vote among Conservative Party lawmakers later in the day. The leadership challenge marks a violent eruption of the Conservative Party's decades-long divide over Europe.
OMB expands definition of high-value assets (FCW) The Office of Management and Budget is making sure all agencies develop plans to protect their most sensitive, most valuable cybersecurity assets, and designate an agency-level office or team to secure them.
Litigation, Investigation, and Law Enforcement
Russian official offers to unveil correspondence with US (AP NEWS) A top official at Russia's cybersecurity agency has offered to publish its communications with American counterparts during the 2016 U.S. election campaign. Nikolai Murashov, a deputy head of the Russian National Coordinating Center for Computer Incidents, said Tuesday that the first U.S. official request regarding the hacking into the Democratic National Committee came on Oct. 31, 2016. He said his agency provided specific answers in response to the U.S. query and subsequent requests. Murashov added that his agency was ready to release its correspondence with U.S. authorities if Washington agrees.
U.S. investigators point to China in Marriott hack affecting 500 million guests (Washington Post) U.S. government investigators increasingly believe that Chinese state hackers were most likely responsible for the massive intrusion reported last month into Marriott’s Starwood chain hotel reservation system, a breach that exposed the private information and travel details of as many as 500 million people, according to two people briefed on the government investigation.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
2018 Cloud Security Alliance Congress (Orlando, Florida, USA, December 10 - 12, 2018) Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such...
National Cyber League Fall Season (Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...
SINET Global Institute CISO Series (Scottsdale, Arizona, USA, January 15 - 16, 2019) By invitation only. These intimate CISO workshops address the challenges that Board of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise...
CPX Asia 360 2019 (Bangkok, Thailand, January 21 - 23, 2019) CPX 360 - the industry’s premier cyber security summit and expo - brings together the world’s leading cyber security experts to one venue. Gain a deep understanding of current challenges cyber security...