1 million credentials fall into criminal hands every single day.
That's just one of the findings from the 2018 Credential Spill Report, which analyzed all of the usernames and passwords that were reported as compromised last year. The report also studied credential stuffing attack data across four major industries, finance, airlines, retail, and hotels, finding that retailers were by far the most targeted for account takeover. Read the report to learn about new ways attackers disguise credential stuffing and the total cost of attacks.
December 13, 2018.
By the CyberWire staff
A new variant of Shamoon malware has been reported in the attack against Italian oil-field services company Saipem (Reuters). Shamoon first surfaced in 2012 attacks against Saudi Aramco. It's a wiper, and its earlier uses have generally been associated with Iran (Infosecurity Magazine). The attack on Saipem may have been staged through Chennai, India (Offshore Technology).
The US hasn't yet indicted Chinese nationals on hacking charges, nor have new sanctions been levied, but the anticipated public denunciation of Chinese activities in cyberspace has begun (Wall Street Journal). Senior counterintelligence officials delivered harsh remarks yesterday in testimony before the Senate Judiciary Committee. Representatives of the FBI, DHS, and Justice Department outlined a view of Chinese strategy designed to supplant US world technological and economic leadership. The playbook is "rob, replicate, and replace," as Assistant Attorney General Demers put it (Washington Post).
Indictments are still widely expected, as investigation of the Marriott breach increasingly looks toward Chinese intelligence services as likely culprits (WIRED).
The Senate hearings were noteworthy for warnings about influence operations exercised in universities through Confucius Institutes. In the UK, MPs also warned of Chinese presence in universities, but the British problem is seen as excessive coziness with Huawei (Telegraph).
China has taken a second Canadian citizen into custody even as Huawei's CFO posts bail in Vancouver (CNN).
British Prime Minister May survived her party's confidence vote yesterday evening (BBC). France's President Macron, his concessions largely rejected by the Gilets Jaunes (France 24), now faces his own no-confidence challenge (Express).
Today's issue includes events affecting Azerbaijan, Australia, Columbia, Estonia, European Union, Finland, France, Germany, India, Iran, Israel, Kuwait, Mali, Netherlands, New Zealand, Norway, Russia, Saudi Arabia, Sierra Leone, Syria, Turkey, United Arab Emirates, United Kingdom, United States.
How Are You Responding to Threats? Find Out Now in the SANS 2018 Incident Response Survey
What new and continuing threats were uncovered in investigations and how are organizations dealing with those threats? In this SANS 2018 Incident Response Survey, learn how IR teams are coping with organizational structures, resources and IR implementation in an ever-changing threat environment. Find out how they have structured their incident response functions, what systems they’re conducting investigations on, the threats they’re uncovering and how they're uncovering them. Then apply these findings in your 2019 programs.
And, since it's Thursday, Hacking Humans is also up. In this episode, "A pesky problem that doesn't go away," Joe describes a Nigerian gang called "London Blue" that focuses on business email compromise. Dave shares surprising Cyber Monday phishing statistics. Our guest, Chris Bailey from Entrust Datacard, teaches us how to detect lookalike sites online and better protect ourselves from fraud.
DreamPort Event: The Red Hat OpenShift Container Platform Bootcamp (Columbia, Maryland, United States, January 3, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting the Red Hat OpenShift Container Platform Bootcamp. This is all about Containers, DevOps, & Agile Development. Attendees will learn, hands on, how to create, develop, use, deploy, and access containers as DevOps & Agile Development tools.
Rapid Prototyping Event: The Wolf in Sheep's Clothing (Columbia, Maryland, United States, January 29 - 31, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Prototyping Event aimed at identifying UAM solutions that employ advanced real-time analysis of multiple data sources for detecting unauthorized activities.
Cyber Attacks, Threats, and Vulnerabilities
AP Exclusive: Iran hackers hunt nuclear workers, US targets (AP NEWS) As U.S. President Donald Trump re-imposed harsh economic sanctions on Iran last month, hackers scrambled to break into personal emails of American officials tasked with enforcing them, The Associated Press has found — another sign of how deeply cyberespionage is embedded into the fabric of US-Iranian relations.
Cryptocurrency Miner Spreads via Old Vulnerabilities on Elasticsearch (TrendLabs Security Intelligence Blog) We detected mining activity on our honeypot that involves the search engine Elasticsearch, which is a Java-developed search engine based on the Lucene library and released as open-source. The attack was deployed by taking advantage of known vulnerabilities CVE-2015-1427, a vulnerability in its Groovy scripting engine that allows remote attackers to execute arbitrary shell commands through a crafted script, and CVE-2014-3120, a vulnerability in the default configuration of Elasticsearch.
A critical bug in Microsoft left 400M accounts exposed (HackRead) A bug bounty hunter from India, Sahad Nk, who works for SafetyDetective, a cybersecurity firm, has received a reward from Microsoft for uncovering and reporting a series of critical vulnerabilities in Microsoft accounts.
Phishing Attack Through Non-Delivery Notification (SANS Internet Storm Center) Here is a nice example of phishing attack that I found while reviewing data captured by my honeypots. We all know that phishing is a pain and attackers are always searching for new tactics to entice the potential victim to click on a link, disclose personal information or more…
Apple plans major US expansion including a new $1 billion campus in Austin (TechCrunch) Apple has announced a major expansion that will see it open a new campus in North Austin and open new offices in Seattle, San Diego and Los Angeles as it bids to increase its workforce in the U.S. The firm said it intends also to significantly expand its presence in Pittsburgh, New York and Boulder…
Trustworthy Network Segmentation for an Untrustworthy World (Security Boulevard) Denial is not a strategy. The reality is that networks, PCs and XenApp clients are susceptible to attacks, if they haven’t been breached already. Network segmentation is an imperative. Organizations need to isolate applications that contain sensitive data, but this approach can introduce the cost and hassle of issuing a second PC for authorized users. Establish true end-to-end protections around sensitive...
Scanning for Flaws, Scoring for Security (KrebsOnSecurity) Is it fair to judge an organization’s information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices?
Cloud Security Not Automatic (Wall Street Journal) Many firms neglect basic due diligence when it comes to cloud security, falsely believing cloud-service providers automatically handle all their security needs, says Roland Cloutier, chief security officer at Automatic Data Processing Inc.
OPAQ Awarded Patent for Software-Defined Network Segmentation (AP NEWS) OPAQ, the network security cloud company, today announced that it has received a patent from the United States Patent & Trademark Office for its software-defined network segmentation technology that monitors connection requests on endpoint devices and transparently enforces security policies to prevent lateral attacks on corporate networks (Patent # 10,122,760).
Injured jihadist on the run after Strasbourg attack (Times) Hundreds of police across France and Germany were hunting last night for a 29-year-old man who killed at least two people while shouting Allahu akbar in the Christmas market in Strasbourg. Seven of...
Islamic State unleashes suicide bombers in Hajin, Syria (FDD's Long War Journal) In the past 24 hours, the Islamic State has conducted more than one suicide bombing against US-backed forces in Hajin, Syria. One Islamic State "martyr" blew himself up near the Hajin hospital, which became the scene of intense fighting earlier this week.
House Report Finds Equifax Picked Business Over Security (Decipher) The report from the House Oversight and Government Reform Committee on what happened at Equifax is a case study in how a lot of small security and technology decisions can add up over time, with catastrophic results.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
National Cyber League Fall Season (Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...
SINET Global Institute CISO Series (Scottsdale, Arizona, USA, January 15 - 16, 2019) By invitation only. These intimate CISO workshops address the challenges that Board of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise...
CPX Asia 360 2019 (Bangkok, Thailand, January 21 - 23, 2019) CPX 360 - the industry’s premier cyber security summit and expo - brings together the world’s leading cyber security experts to one venue. Gain a deep understanding of current challenges cyber security...