skip navigation

More signal. Less noise.

1 million credentials fall into criminal hands every single day.

That's just one of the findings from the 2018 Credential Spill Report, which analyzed all of the usernames and passwords that were reported as compromised last year. The report also studied credential stuffing attack data across four major industries, finance, airlines, retail, and hotels, finding that retailers were by far the most targeted for account takeover. Read the report to learn about new ways attackers disguise credential stuffing and the total cost of attacks.

Daily briefing.

A fake bomb threat is being used to extort Bitcoin from businesses, mostly in the US and Canada. Several businesses closed and evacuated their offices, but no bombs were found (Ars Technica). The poorly worded email threats bear the common usage and grammatical markers of non-native-speaking spam, but unlike sextortion, a bomb threat, even an implausible one, is harder to shake off (WIRED). A SANS writer suggests “boomstortion” as a name for this kind of caper.

China has come in for considerable criticism in recent weeks for its cyber operations, particularly those devoted to industrial espionage. It’s displaced, at least for now, Russia as the prime adversary in American policymakers’ public statements (POLITICO). That China is an aggressive cyber power isn’t open to doubt, but criminals are increasingly flying Chinese false flags in attacks that have little to do with Beijing (Fifth Domain). Attacks in Russia also suggest that criminals are trying to pass themselves off as intelligence services, the better to deflect official suspicion (ComputerWeekly).

That said, there are nation-state campaigns afoot. China is probing US Navy contractors (Wall Street Journal), and Russia’s Fancy Bear is phishing widely in foreign governments (SecurityWeek).

ISIS has hailed the Strasbourg Christmas market killer as one of its soldiers. The terrorist, killed by police, was apparently radicalized in prison. Whether ISIS played a role in inspiring him or is simply retrospectively and opportunistically claiming responsibility is unclear, but the terror group as always is attentive to the seasons in its propaganda (Local—France).


Today's issue includes events affecting Canada, China, European Union, India, Iran, Israel, Democratic Peoples Republic of Korea, Kuwait, Malaysia, Myanmar, Russia, Saudi Arabia, United Arab Emirates, United Kingdom, United States.

How Are You Responding to Threats? Find Out Now in the SANS 2018 Incident Response Survey

What new and continuing threats were uncovered in investigations and how are organizations dealing with those threats? In this SANS 2018 Incident Response Survey, learn how IR teams are coping with organizational structures, resources and IR implementation in an ever-changing threat environment. Find out how they have structured their incident response functions, what systems they’re conducting investigations on, the threats they’re uncovering and how they're uncovering them. Then apply these findings in your 2019 programs.

In today's podcast, up later this afternoon, we speak with our partners at Accenture Labs, as Malek Ben Salem talks about smart speaker vulnerabilities. Our guest, Laura Noren from Obsidian Security, discusses the ethics of data science.

DreamPort Event: The Red Hat OpenShift Container Platform Bootcamp (Columbia, Maryland, United States, January 3, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting the Red Hat OpenShift Container Platform Bootcamp. This is all about Containers, DevOps, & Agile Development. Attendees will learn, hands on, how to create, develop, use, deploy, and access containers as DevOps & Agile Development tools.

Rapid Prototyping Event: The Wolf in Sheep's Clothing (Columbia, Maryland, United States, January 29 - 31, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Protoyping Event which is interested in identifying UAM solutions that employ advanced real-time analysis of multiple data sources for detecting unauthorized activities.

Cyber Attacks, Threats, and Vulnerabilities

Mass email hoax causes closures across the US and Canada (Ars Technica) Emails threaten explosions unless people pay $20,000 in Bitcoin.

Nationwide Bomb Threats Look Like a New Spin on an Old Bitcoin Scam (WIRED) Apparent bitcoin scammers caused chaos across the US Thursday, radically escalating longstanding tactics.

Bombstortion?? Boomstortion?? (SANS Internet Storm Center) First sextortion, now bombstortion?

Spammed Bomb Threat Hoax Demands Bitcoin (KrebsOnSecurity) A new email extortion scam is making the rounds, threatening that someone has planted bombs within the recipient’s building that will be detonated unless a hefty bitcoin ransom is paid by the end of the business day.

Chinese Hackers Breach U.S. Navy Contractors (Wall Street Journal) Chinese hackers are breaching Navy contractors to steal everything from ship-maintenance data to missile plans, officials and experts said, triggering a top-to-bottom review of cyber vulnerabilities.

Hackers are making their attacks look like they came from the Chinese government (Fifth Domain) Because Chinese hackers often use publicly available tools for their operations, it is easy to mimic their signature viruses.

Campaign Targets Critical Russian Infrastructure (Infosecurity Magazine) A Russian oil company was targeted by financially motivated attackers.

Criminals act like nation-state attackers in Russian campaign ( Security researchers have uncovered evidence of a sustained effort targeting Russian state-owned critical infrastructure companies by financially-motivated non-state actors

Poking the Bear: Three-Year Campaign Targets Russian Critical Infrastructure (Threat Vector) Nation-state conflict has come to dominate many of the policy discussions and much of the strategic thinking about cybersecurity. In this Threat Intelligence Bulletin, we’ll show how an investigation into the apparent targeting of a state-owned Russian oil company led to the uncovering not of a state-sponsored campaign, but of the bold activity of what we believe to be a criminal effort motivated by the oldest of incentives—money.

Russia-Linked Phishing Attacks Hit Government Agencies on Four Continents (SecurityWeek) Russian cyber-espionage group Sofacy hit government agencies in four continents in an attempt to infect them with malware, Palo Alto Networks security researchers say.

Shamoon Disk-Wiping Malware Re-Emerges with a Third Variant (BleepingComputer) Two new samples of the Shamoon data have been discovered in the wild, after a period of silence that lasted for about two years.

Iran hackers hunt nuke workers, US officials (Fifth Domain) The Associated Press drew on data gathered by the London-based cybersecurity group Certfa to track how in the wake of sanctions on Iran a hacking group often nicknamed Charming Kitten tried to break into the emails of U.S. Treasury officials, as well as atomic scientists, civil society figures and think tank employees.

Iranian phishers bypass 2fa protections offered by Yahoo Mail and Gmail (Ars Technica) Group breaches SMS-protected accounts. It's still testing attacks against 2fa apps.

Op 'Sharpshooter' Uses Lazarus Group Tactics, Techniques, and Procedures (BleepingComputer) A new advanced threat actor has emerged on the radar, targeting organizations in the defense and the critical infrastructure sectors with fileless malware and an exploitation tool that borrows code from a trojan associated with the Lazarus group

Malaysian government targeted with mash-up espionage toolkit (WeLiveSecurity) We sat down with ESET’s Tomáš Gardoň and Filip Kafka to get a better understanding of the targeted attack against the Malaysian government.

LCG Kit: Sophisticated builder for Malicious Microsoft Office Documents (Proofpoint) Proofpoint researchers detail a new malicious document builder known as LCG Kit.

Archive file carrying an obfuscated and multi-staged downloader first spotted...Microsoft Security Bulletin Coverage for December 2018 (SonicWall) SonicWall RTDMI engine detected a number of PDF files containing link to malicious archive file. The non-existence of this malicious file at the time of detection in popular malware search portals like the VirusTotal and the Reversing Labs indicates the effectiveness of the RTDMI engine.

L0rdix becomes the new Swiss Army knife of Windows hacking (ZDNet) The new tool combines data theft and cryptocurrency mining as a go-to product for attacking Windows machines.

Cybercriminals Use Malicious Memes that Communicate with Malware (TrendLabs Security Intelligence Blog) Steganography, or the method used to conceal a malicious payload inside an image to evade security solutions, has long been used by cybercriminals to spread malware and perform other malicious operations. We recently discovered malicious actors using this technique on memes.

Electric car chargers 'hackable', warns Kaspersky (Computing) Remote-access features of electric car chargers can be exploited by attackers to damage the vehicles, claims Kaspersky

AccuDoc data incident highlights ‘growing calamity’ of third-party breaches (The Daily Swig | Web security digest) No end in sight for outsourced leaks The scourge of third-party data breaches is only going to get worse since organizations are becoming increasingly reliant on external service providers for critica

The Ransomware Doctor Without a Cure (Check Point Research) When it comes to ransomware attacks, there is nothing a company hates more than paying the demanded ransom. It is an unexpected fine often caused by a tiny, yet crucial mistake – an unpatched device, an out-of-date product or an innocent human error. It may harm the reputation of the security department, but most of...

Security Patches, Mitigations, and Software Updates

Microsoft's December Security Patches Includes Fixes for Two Active Exploits (Redmondmag) Microsoft ended the patch year on Tuesday with a whimper of sorts, releasing an estimated 39 security fixes in its December bundle plus one security advisory, according to a count by Trend Micro's Zero Day Initiative.

Google Beefs Up Android Key Security for Mobile Apps (Threatpost) Changes to how data is encrypted can help developers ward off data leakage and exfiltration.

Cyber Trends

US intelligence community says quantum computing and AI pose an ’emerging threat’ to national security (TechCrunch) It’s not often you can put nuclear weapons, terrorism and climate change on the same list as quantum computing, artificial intelligence and the Internet of Things, but the U.S. government believes all pose an “emerging threat” to its national security. Several key agencies in the …

Two Thirds of Retailers Increase Cybersecurity Measures During the Holiday Season to Defend Against the Rise in Social Engineering Attacks (PR Newswire) Infoblox Inc., the leader in Secure Cloud-Managed Network Services, today announced new research revealing...

Retail Risks Revealed: Cybersecurity Threats at All Time High During the Holidays (Infoblox) An International Survey of Retail IT Professionals and Consumers

Crisis Management Benchmarking Report (Morrison Foerster) Today’s business landscape is fraught with risk.

Most concerning security controls for cyberattackers? Deception and IDS (Help Net Security) Attivo Networks surveyed more than 450 cybersecurity professionals and executives globally to gain insights into detection trends, top threat concerns.

Most organizations suffered a business-disrupting cyber event (Help Net Security) A study conducted by Ponemon Institute found that 60 percent of organizations globally had suffered a business-disrupting cyber event.

Cybersecurity Predictions for 2019 (SC Media) Here are six emerging cybersecurity trends that can help organizations stay strong in the coming year and build up their cyber defenses.

Research: Marketing Executives Underestimate Email-Based Brand Risks (Sys-Con Media) Marketing executives less concerned about threats than IT/security colleagues - but have a common interest in email service visibility and deliverability

25% of malicious emails still make it through to recipients (Security Brief) Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.

Cyber security threat lurks deep for industry (Upstream Online | Latest oil and gas news) Warnings increase as speed of digitalisation across oil and gas sector has brought dangers from hacking

Despite Breaches, Many Organizations Struggle to Quantify Cyber-Risks to Business (Dark Reading) Enterprises are struggling with familiar old security challenges as a result, new survey shows.

2018 – A Year of Data Breaches in Review (Bitdefender) 2018 – A Year of Data Breaches in Review


The Divide Between Silicon Valley and Washington Is a National-Security Threat (The Atlantic) Closing the gap between technology leaders and policy makers will require a radically different approach from the defense establishment.

How to fight the cybersecurity talent shortage (Verizon) Cybersecurity has become critically important for businesses. However, an increase in demand for employees with top-notch cybersecurity skills has led to a marketplace shortage.

Bug Hunting Is Cybersecurity's Skill of the Future (Infosecurity Magazine) 80% of security researchers say that hunting skills helped land them a job.

What's the big deal about Huawei? (Finger Lakes Times) The arrest of a Chinese tech executive in Canada this month has quickly become a focal point in a wider battle between the U.S. and China over trade, national security

Thales Gemalto Deal Approved: But EU Demands Divestments (Computer Business Review) The European Commission has approved the €4.8 billion ($5.6 billion) takeover of Gemalto by France's defence multinational Thales Group. The Thales Gemalto

Jack Dorsey and Twitter ignored opportunity to meet with civic group on Myanmar issues (TechCrunch) Responding to criticism from his recent trip to Myanmar, Twitter CEO Jack Dorsey said he’s keen to learn about the country’s racial tension and human rights atrocities, but it has emerged that both he and Twitter’s public policy team ignored an opportunity to connect with a key ci…

Saipem revenues will not be impacted by cyber attack (Reuters) A cyber attack on Italian oil service contractor Saipem will have no impact on t...

BlackBerry’s $1.4bn Cylance Deal to Boost IoT Offer Despite Some Expert Skepticism (Toolbox) Blackberry announced a strategic acquisition earlier this month that will boost its ability in securing end-point devices. The purchase of cybersecurity and artificial intelligence company Cylance for $1.4 billion in cash, confirms that, with the iconic handset no longer ubiquitous in the business community, Blackberry is determined to consolidate...

AFRL contract goes to firm with Dayton ties (Dayton Daily News) Galois wins AFRL contract

JASK Expands Leadership Team with Appointment of Mark Boullie as Chief Revenue Officer (JASK) JASK announced the appointment of Mark Boullie as Chief Revenue Officer (CRO). Boullie will be responsible for leading the company’s global enterprise and channel sales teams and other customer-facing aspects of the company, such as business development, customer success and overall revenue operations.

Skybox Security Appoints Amrit Williams as Vice President of Products (APN) Skybox® Security, a global leader in cybersecurity management solutions, announced today that Amrit Williams has joined the company as Vice President of products. Williams brings to the company more than 20 years of product innovation and thought leadership in the cybersecurity space. As the head of product management, he will be responsible for driving […]

Products, Services, and Solutions

Cyxtera Integrates Zero-Trust Security into Global Data Center Footprint (PR Newswire) Cyxtera Technologies, the secure infrastructure company, today announced the integration of AppGate SDP, its...

Pulse Secure’s VPN solution earns “High Scores” from IAIT Lab for Zero Trust-based Secure Access (Pulse Secure) Leading independent German product testing lab publishes a detailed examination and positive results on Pulse Connect Secure usability, capability and interoperability

Malwarebytes Announces Partnership with Bask, a Division of Nanoheal (Malwarebytes Press Center) Malwarebytes announced today a new partnership with Bask, a division of Nanoheal, a leader in consumer tech support. The partnership is an important step in Bask’s focus and investment in supporting consumer and small business customers with premier endpoint protection.

DFLabs Innovative Open Framework Enables Fine Grained Integration of SOAR and Security Tools (BusinessWire) New DFLabs open integration framework enables fine grained customization of SOAR actions between IncMan and security tools with no complex coding.

Cisco retires workhorse mid-range firewalls (CRN Australia) FirePOWER 7000 and 8000 series death day named, replacements in place.

Cymulate and Symantec announce shared research of email-based attacks (Help Net Security) The partnership allows Cymulate and Symantec to share the information of how attackers use emails and files to bypass security and infect organizations.

RiskSense platform addresses security and IT operations gaps (Help Net Security) RiskSense platform enhancements address cybersecurity and ITOps gaps with ServiceNow integrations for remediation of vulnerabilities through collaboration.

CyberInt Launches Managed Cloud Security Services (PR Newswire) Ensures comprehensive protection of cloud environments CyberInt, the leading cybersecurity provider of...

​Google latest cloud to be Australian government certified (ZDNet) 12 vendors, including eight global players, sit on the Australian Cyber Security Centre's secure cloud provider list.

Technologies, Techniques, and Standards

What isn’t understood about control system cyber security can lead to catastrophic failures (Control Global) Before it’s too late, we’d do well to start addressing the existential problems in the physical world, in addition to the important data problems in cyberspace.

This early GDPR adtech strike puts the spotlight on consent (TechCrunch) What does consent as a valid legal basis for processing personal data look like under Europe’s updated privacy rules? It may sound like an abstract concern but for online services that rely on things being done with user data in order to monetize free-to-access content this is a key question …

#2018InReview Compliance and GDPR (Infosecurity Magazine) Looking at the year in compliance, the impact of GDPR and how much more the DPO needs to play a role in the business.

AWO Releases Cyber Risk Management Best Practices for Tugboat, Towboat and Barge Industry (PR Newswire) The American Waterways Operators has released best practices to help the American tugboat, towboat and barge...

CrowdStrike: More Organizations Now Self-Detect Their Own Cyberattacks (Dark Reading) But it still takes an average of 85 days to spot one, the security firm's incident response investigations found.

Coders Conquer Security: Share & Learn Series - Cross-Site Request Forgery (Insights: Secure Code Warrior) CSRF attacks are fairly complex and rely on multiple layers to be successful. In other words, lots of things have to break in favor of the attacker for it to work. Despite this, they are an extremely popular, lucrative attack vector.

How Email Open Tracking Quietly Took Over the Web (WIRED) You give up more privacy than you might think each time you open an email.

Eight simple tricks to keep hackers from ruining Christmas shopping (Washington Post) Here’s how to be a defensive online shopper — even on Amazon — in a world where data breaches are the new norm.

Design and Innovation

Law firms "will stop using email within five years" (Legal Futures) Email will be replaced within five years by a more secure means of communication for law firms, an expert predicted this week. Meanwhile, the SRA is using behavioural science in its messaging.

Research and Development

A quantum threat gets its moment of fame (Physics World) Why quantum cryptography is attracting attention from more than just the usual suspects


Universities Get Schooled by Hackers (Dark Reading) Colleges and universities are prime targets for criminals due to huge sets of personal information and security that is weaker than in many businesses.

How students learn to code, evaluate job opportunities (Help Net Security) Student developers are not dependent solely on university curricula to keep up with today's expectations of software engineers.

Legislation, Policy, and Regulation

The Negative Consequences of Putin’s Strategy (Atlantic Council) It has become an accepted line of thought that Russian President Vladimir Putin is playing chess on the international stage while the majority of Western leaders play checkers. His high-profile appearances among other world leaders at the G20...

Huawei Is the Doorway to China's Police State (The National Interest) The free world should be worried about the creation of a police state under the technology umbrella of Huawei.

Grassley: Russia 'hysteria' overshadows China threat (POLITICO) China poses a "greater, more existential threat," the judiciary chairman warns.

The U.S. Should Use Beijing’s Social Credit System against China (The National Interest) Beijing's social credit scheme can be an intelligence trove for Washington.

Opinion | Washington must wake up to the abuse of software that kills (Washington Post) Israel-based NSO Group has been selling spyware to dictators, and Washington firms have been helping them.

Pentagon to Take Over All Security Clearances in Nine Months, Officials Say ( The move will mean absorbing the National Background Investigations Bureau and its 2,000 employees.

Litigation, Investigation, and Law Enforcement

Strasbourg Christmas market shooting: suspect on the run after three killed (the Guardian) France upgrades security threat level after terrorist attack leaves at least 12 injured

'The Strasbourg attack is a brutal reminder of how terrorism has changed' (The Independent) The fevered conspiracy theories that emerged after Tuesday's violence show how a generation of radicalised criminals has sown distrust in society

Strasbourg attacker Cherif Chekatt was extremist – and thief (The National) Hundreds of police have been mobilised across France and Germany to find the fugitive.

Second Canadian held by China as trade row deepens (Trump) Canada has warned President Trump not to interfere in an extradition case that has set off a row between Beijing, Ottawa and Washington after the tit-for-tat detention of Canadians in China. The...

Crime gangs using social media to entrap police officers (Times) Organised crime gangs are threatening to entrap Scottish police officers by infiltrating their social media accounts, the force has said. The warning came amid a rising number of investigations...

No-win-no-fee company fined by ICO for illegal text messages (Computing) ICO: 'Generic third-party consent is not enough and companies will be fined if they break the law'

ICO Slaps £200K Fine on Nuisance Text Biz (Infosecurity Magazine) London-based Tax Return Limited sent out nearly 15 million unsolicited texts

Cyber-Criminal Gets 20 Months After Using Home-Made Fraud Device (Infosecurity Magazine) Tony Muldowney-Colston once pioneered acid house raves in the 80s

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

National Cyber League Fall Season (Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...

SINET Global Institute CISO Series (Scottsdale, Arizona, USA, January 15 - 16, 2019) By invitation only. These intimate CISO workshops address the challenges that Board of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise...

CPX Asia 360 2019 (Bangkok, Thailand, January 21 - 23, 2019) CPX 360 - the industry’s premier cyber security summit and expo - brings together the world’s leading cyber security experts to one venue. Gain a deep understanding of current challenges cyber security...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.