1 million credentials fall into criminal hands every single day.
That's just one of the findings from the 2018 Credential Spill Report, which analyzed all of the usernames and passwords that were reported as compromised last year. The report also studied credential stuffing attack data across four major industries, finance, airlines, retail, and hotels, finding that retailers were by far the most targeted for account takeover. Read the report to learn about new ways attackers disguise credential stuffing and the total cost of attacks.
December 14, 2018.
By the CyberWire staff
A fake bomb threat is being used to extort Bitcoin from businesses, mostly in the US and Canada. Several businesses closed and evacuated their offices, but no bombs were found (Ars Technica). The poorly worded email threats bear the common usage and grammatical markers of non-native-speaking spam, but unlike sextortion, a bomb threat, even an implausible one, is harder to shake off (WIRED). A SANS writer suggests “boomstortion” as a name for this kind of caper.
China has come in for considerable criticism in recent weeks for its cyber operations, particularly those devoted to industrial espionage. It’s displaced, at least for now, Russia as the prime adversary in American policymakers’ public statements (POLITICO). That China is an aggressive cyber power isn’t open to doubt, but criminals are increasingly flying Chinese false flags in attacks that have little to do with Beijing (Fifth Domain). Attacks in Russia also suggest that criminals are trying to pass themselves off as intelligence services, the better to deflect official suspicion (ComputerWeekly).
That said, there are nation-state campaigns afoot. China is probing US Navy contractors (Wall Street Journal), and Russia’s Fancy Bear is phishing widely in foreign governments (SecurityWeek).
ISIS has hailed the Strasbourg Christmas market killer as one of its soldiers. The terrorist, killed by police, was apparently radicalized in prison. Whether ISIS played a role in inspiring him or is simply retrospectively and opportunistically claiming responsibility is unclear, but the terror group as always is attentive to the seasons in its propaganda (Local—France).
Today's issue includes events affecting Canada, China, European Union, India, Iran, Israel, Democratic People's Republic of Korea, Kuwait, Malaysia, Myanmar, Russia, Saudi Arabia, United Arab Emirates, United Kingdom, United States.
How Are You Responding to Threats? Find Out Now in the SANS 2018 Incident Response Survey
What new and continuing threats were uncovered in investigations and how are organizations dealing with those threats? In this SANS 2018 Incident Response Survey, learn how IR teams are coping with organizational structures, resources and IR implementation in an ever-changing threat environment. Find out how they have structured their incident response functions, what systems they’re conducting investigations on, the threats they’re uncovering and how they're uncovering them. Then apply these findings in your 2019 programs.
DreamPort Event: The Red Hat OpenShift Container Platform Bootcamp (Columbia, Maryland, United States, January 3, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting the Red Hat OpenShift Container Platform Bootcamp. This is all about Containers, DevOps, & Agile Development. Attendees will learn, hands on, how to create, develop, use, deploy, and access containers as DevOps & Agile Development tools.
Rapid Prototyping Event: The Wolf in Sheep's Clothing (Columbia, Maryland, United States, January 29 - 31, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Prototyping Event which is interested in identifying UAM solutions that employ advanced real-time analysis of multiple data sources for detecting unauthorized activities.
Spammed Bomb Threat Hoax Demands Bitcoin (KrebsOnSecurity) A new email extortion scam is making the rounds, threatening that someone has planted bombs within the recipient’s building that will be detonated unless a hefty bitcoin ransom is paid by the end of the business day.
Chinese Hackers Breach U.S. Navy Contractors (Wall Street Journal) Chinese hackers are breaching Navy contractors to steal everything from ship-maintenance data to missile plans, officials and experts said, triggering a top-to-bottom review of cyber vulnerabilities.
Poking the Bear: Three-Year Campaign Targets Russian Critical Infrastructure (Threat Vector) Nation-state conflict has come to dominate many of the policy discussions and much of the strategic thinking about cybersecurity. In this Threat Intelligence Bulletin, we’ll show how an investigation into the apparent targeting of a state-owned Russian oil company led to the uncovering not of a state-sponsored campaign, but of the bold activity of what we believe to be a criminal effort motivated by the oldest of incentives—money.
Iran hackers hunt nuke workers, US officials (Fifth Domain) The Associated Press drew on data gathered by the London-based cybersecurity group Certfa to track how in the wake of sanctions on Iran a hacking group often nicknamed Charming Kitten tried to break into the emails of U.S. Treasury officials, as well as atomic scientists, civil society figures and think tank employees.
Cybercriminals Use Malicious Memes that Communicate with Malware (TrendLabs Security Intelligence Blog) Steganography, or the method used to conceal a malicious payload inside an image to evade security solutions, has long been used by cybercriminals to spread malware and perform other malicious operations. We recently discovered malicious actors using this technique on memes.
The Ransomware Doctor Without a Cure (Check Point Research) When it comes to ransomware attacks, there is nothing a company hates more than paying the demanded ransom. It is an unexpected fine often caused by a tiny, yet crucial mistake – an unpatched device, an out-of-date product or an innocent human error. It may harm the reputation of the security department, but most of...
Security Patches, Mitigations, and Software Updates
How to fight the cybersecurity talent shortage (Verizon) Cybersecurity has become critically important for businesses. However, an increase in demand for employees with top-notch cybersecurity skills has led to a marketplace shortage.
What's the big deal about Huawei? (Finger Lakes Times) The arrest of a Chinese tech executive in Canada this month has quickly become a focal point in a wider battle between the U.S. and China over trade, national security
BlackBerry’s $1.4bn Cylance Deal to Boost IoT Offer Despite Some Expert Skepticism (Toolbox) BlackBerry announced a strategic acquisition earlier this month that will boost its ability in securing end-point devices. The purchase of cybersecurity and artificial intelligence company Cylance for $1.4 billion in cash, confirms that, with the iconic handset no longer ubiquitous in the business community, BlackBerry is determined to consolidate...
Skybox Security Appoints Amrit Williams as Vice President of Products (APN) Skybox® Security, a global leader in cybersecurity management solutions, announced today that Amrit Williams has joined the company as Vice President of products. Williams brings to the company more than 20 years of product innovation and thought leadership in the cybersecurity space. As the head of product management, he will be responsible for driving […]
Malwarebytes Announces Partnership with Bask, a Division of Nanoheal (Malwarebytes Press Center) Malwarebytes announced today a new partnership with Bask, a division of Nanoheal, a leader in consumer tech support. The partnership is an important step in Bask’s focus and investment in supporting consumer and small business customers with premier endpoint protection.
This early GDPR adtech strike puts the spotlight on consent (TechCrunch) What does consent as a valid legal basis for processing personal data look like under Europe’s updated privacy rules? It may sound like an abstract concern but for online services that rely on things being done with user data in order to monetize free-to-access content this is a key question …
#2018InReview Compliance and GDPR (Infosecurity Magazine) Looking at the year in compliance, the impact of GDPR and how much more the DPO needs to play a role in the business.
Law firms "will stop using email within five years" (Legal Futures) Email will be replaced within five years by a more secure means of communication for law firms, an expert predicted this week. Meanwhile, the SRA is using behavioural science in its messaging.
Universities Get Schooled by Hackers (Dark Reading) Colleges and universities are prime targets for criminals due to huge sets of personal information and security that is weaker than in many businesses.
The Negative Consequences of Putin’s Strategy (Atlantic Council) It has become an accepted line of thought that Russian President Vladimir Putin is playing chess on the international stage while the majority of Western leaders play checkers. His high-profile appearances among other world leaders at the G20...
Second Canadian held by China as trade row deepens (Trump) Canada has warned President Trump not to interfere in an extradition case that has set off a row between Beijing, Ottawa and Washington after the tit-for-tat detention of Canadians in China. The...
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
National Cyber League Fall Season (Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...
SINET Global Institute CISO Series (Scottsdale, Arizona, USA, January 15 - 16, 2019) By invitation only. These intimate CISO workshops address the challenges that Boards of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise...
CPX Asia 360 2019 (Bangkok, Thailand, January 21 - 23, 2019) CPX 360 - the industry’s premier cyber security summit and expo - brings together the world’s leading cyber security experts to one venue. Gain a deep understanding of current challenges cyber security...