skip navigation

More signal. Less noise.

2017 cyberattacks proved more numerous, sophisticated, and ruthless than in years past.

WannaCry, NotPetya, ransomware-as-a-service, and fileless attacks abounded. And, that’s not everything. The victims of cybercrime ranged from private businesses to the fundamental practices of democracy. Read The Cylance Threat Report: 2017 Year in Review Report and learn about the threat trends and malware families their customers faced in 2017.

Daily briefing.

Diplomatic cables from the European Union were successfully intercepted (and presumably read) by “hackers,” as they’re being characterized. Area 1 is credited with discovering the intrusion. There’s not official attribution, yet, but experts say the techniques employed were characteristic of those used by Chinese services. This is of course circumstantial evidence, but many are persuaded (BBC).

To further complicate attribution, Recorded Future notes a trend in state intelligence operations: dumbing down your craft to make a hack look like the work of criminals or hacktivists (Daily Swig). This happens linguistically as well—it’s worth noting that the Internet Research Agency’s performance on Instagram and Twitter show that, had it chosen to use them, Moscow had an American English fluency available that never appeared (except perhaps by inversion) in ShadowBrokerese.

The New York Times reported yesterday that Facebook gave various Big-Tech partners, including Apple and Amazon, extensive access to user data. Facebook replies that the partnerships were benign, that user data weren’t handed over without user consent, and that in any case the more aggressive forms of sharing stopped as Facebook tightened its privacy policies over the past year. But eroding trust in the company seems to have made it impossible for Facebook to avoid another black eye. It’s running out of eyes: Facebook’s British nemesis, the Department for Digital, Culture, Media and Sport, has starchily requested an explanation (TechCrunch).

In the US, NASA reports a server breach with possible personal data compromise.

Huawei- and ZTE-skepticism surfaces in India (Business Today).

Notes.

Today's issue includes events affecting China, European Union, Germany, India, Iran, Israel, Lebanon, Russia, Taiwan, United Kingdom, United States.

A note to our readers: the CyberWire takes its annual holiday break next week, with Christmas and New Year's Day coming up. Our last issue of 2018 will be out Friday, December 21st. We'll resume regular publication on January 2nd, 2018. Our best holiday wishes to all of you.

How Are You Responding to Threats? Find Out Now in the SANS 2018 Incident Response Survey

What new and continuing threats were uncovered in investigations and how are organizations dealing with those threats? In this SANS 2018 Incident Response Survey, learn how IR teams are coping with organizational structures, resources and IR implementation in an ever-changing threat environment. Find out how they have structured their incident response functions, what systems they’re conducting investigations on, the threats they’re uncovering and how they're uncovering them. Then apply these findings in your 2019 programs.

In today's podcast, up later this afternoon, we speak with our partners at the University of Maryland, as Jonathan Katz describes security improvements in the Signal messaging app. Our guest, Michael Doran from Optiv, offers tips on protecting your organization from ransomware.

Cyber Security Summits: 2019 (United States, January 1 - December 31, 2019) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the FBI, Darktrace and more at the 2019 Cyber Security Summits. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350).

DreamPort Event: The Red Hat OpenShift Container Platform Bootcamp (Columbia, Maryland, United States, January 3, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting the Red Hat OpenShift Container Platform Bootcamp. This is all about Containers, DevOps, & Agile Development. Attendees will learn, hands on, how to create, develop, use, deploy, and access containers as DevOps & Agile Development tools.

Rapid Prototyping Event: The Wolf in Sheep's Clothing (Columbia, Maryland, United States, January 29 - 31, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Protoyping Event which is interested in identifying UAM solutions that employ advanced real-time analysis of multiple data sources for detecting unauthorized activities.

Cyber Attacks, Threats, and Vulnerabilities

Hackers 'intercept EU diplomatic cables' (BBC News) It involves thousands of messages in which diplomats discussed Trump, trade and other issues.

Hacked European Cables Reveal a World of Anxiety About Trump, Russia and Iran (New York Times) The cables quote China’s president calling America a bully, show concerns about Russian nuclear weapons in Crimea and detail the White House walking back President Trump’s words.

Opinion | China’s interference in the 2018 elections succeeded — in Taiwan (Washington Post) Beijing is testing its ability to do Russian-style influence campaigns, and Washington must respond.

German security office warned German firms about Chinese hacking:... (Reuters) Germany's Office for Information Security (BSI) has issued warnings to seve...

Russian Embassy claims UK-based cyber attack launched against its website (The Telegraph) The Russian Embassy in London has claimed its website was targeted by hackers based in the UK.

Zebrocy, linked to APT28, being developed in multiple programming languages (CyberScoop) An elite hacking group is creating multiple versions of one of its go-to malicious tools in an apparent attempt to make its activity harder to detect.

State-backed hackers switch to inferior tactics to avoid being fingered for attacks (The Daily Swig | Web security digest) Hacking groups are keen to “blend in with the noise”, says former NSA official

Iranian cyber attacks threaten the U.S. Could Israel be next? (Jerusalem Post) Reports show Iranian fake news could succeed in causing public panic.

As Facebook Raised a Privacy Wall, It Carved an Opening for Tech Giants (New York Times) Internal documents show that the social network gave Microsoft, Amazon, Spotify and others far greater access to people’s data than it has disclosed.

Facebook Fights Back on Secret Data-Sharing Partnerships (Threatpost) Facebook is under fire again after a bombshell report claims it has broad data-sharing arrangements with Amazon, Apple, Netflix and others.

Let’s Clear Up a Few Things About Facebook’s Partners (Facebook Newsroom) We're facing questions about whether Facebook gave large tech companies access to people's information and, if so, why we did this.

Facebook waited months before admitting privacy bug exposed millions of users' unposted photos (Graham Cluley) At the end of last week Facebook revealed that an API bug had given developers of third-party apps access to the photos of millions of users.But Facebook didn't find out about the problem last week. It found out about it in September.

Apple, Amazon and many other firms granted special access to Facebook users' data, claims report (Computing) Facebook has 'work to do to regain people's trust' concedes privacy director

Facebook let outside companies read its users' private messages for years (The Telegraph) Facebook has been sharing the contents of users' private messages with other companies on a scale far beyond what it has publicly admitted, according to leaked internal documents.

Houston, we've had a problem: NASA fears internal server hacked, staff personal info swiped by miscreants (Register) Another leak, this time it's personal. Plus: Trump launches Space Force, er, Command

Potential Personally Identifiable Information (PII ) Compromise of NASA Servers (SpaceRef) Potential Personally Identifiable Information (PII ) Compromise of NASA Servers - SpaceRef

Danabot's Travels: A Global Perspective (Arbor Networks Threat Intelligence) First discovered in May of 2018, Danabot is a Delphi written banking trojan that has been under active development throughout the year. This malware’s early success can be attributed to its modular structure and mature distribution system. Throughout the year, NETSCOUT Threat Intelligence has observed the growth in distribution and global coverage of Danabot.

No Theft in Saipem Cyber Attack (Rigzone) Saipem reveals there has been no theft or loss of data in connection with the cyber attack it suffered recently.

Android Wallpaper Apps Found Running Ad Fraud Scheme (TrendLabs Security Intelligence Blog) Google confirmed removal of 15 malicious wallpaper apps we found committing click ad fraud.

After SamSam, Ryuk shows targeted ransomware is still evolving (Naked Security) Devastating, targeted ransomware attacks didn’t start with SamSam and they didn’t end with it either.

WordPress Targeted with Clever SEO Injection Malware (Threatpost) The malware does its best to obfuscate SEO injection in WordPress and evade notice from web admins.

GIGABYTE Drivers Elevation of Privilege Vulnerabilities (SecureAuth) 1. Advisory Information Title: GIGABYTE Drivers Elevation of Privilege Vulnerabilities Advisory ID: CORE-2018-0007 Advisory ... Date published: 2018-12-18Date of last update: 2018-12-18 Vendors contacted: Gigabyte

ASUS Drivers Elevation of Privilege Vulnerabilities (SecureAuth) 1. Advisory Information Title: ASUS Drivers Elevation of Privilege VulnerabilitiesAdvisory ID: CORE-2017-0012 Advisory URL :... Date published: 2018-12-18 Date of last update: 2018-12-18 Vendors contacted: Asus Release mode: User release

Cyber security specialists uncover a “thriving criminal eco-system” around Fortnite (KitGuru) Fortnite: Battle Royale has grown to epic proportions over the past year, with a staggering 200 mill

Hackers Move Away from Large Dark Web Markets (Infosecurity Magazine) McAfee spots some black hat entrepreneurs setting up shop solo

Facebook purges more ‘bad actors’ in Myanmar but it still won’t commit to a local office (TechCrunch) As Facebook continues to grasp the severity of the situation in Myanmar, where the UN has concluded that its social network plays “determining role” in inciting genocide, the U.S. tech giant has completed a third sweep in recent months to remove bad actors from its platform. Facebook sa…

Amnesty International used machine-learning to quantify the scale of abuse against women on Twitter (TechCrunch) Update: Twitter’s response has been added to the end of this post.  A new study by Amnesty International and Element AI attempts to put numbers to a problem many women already know about: that Twitter is a cesspool of harassment and abuse. Conducted with the help of 6,500 volunteers, the stud…

SQLite creator fires back at Tencent’s bug hunters (Naked Security) The creator of SQLite has downplayed reports of a bug that could lead to remote code execution.

Why email phishing persists (GCN) An email protocol that can't authenticate senders combined with bad actors' increasingly clever tactics may mean phishing is here to stay.

The Ignorant Human: Data’s Biggest Threat (Security Boulevard) For all the money spent on expensive software solutions and expert consultation; an organization is still at a tremendous risk if it is not developing a culture of security as part of its normal business practices.  Many organizations have 24/7 teams dedicated to monitoring and incident response, but what about any organization’s weakest link?

When Cryptocurrency Falls, What Happens to Cryptominers? (Dark Reading) The fall of cryptocurrency's value doesn't signify an end to cryptomining, but attackers may be more particular about when they use it.

Parrot goes shopping with owner’s Alexa (Times) When Rocco the parrot is peckish, he knows who to turn to — Alexa. The African grey parrot has become so adept at giving orders to Amazon’s smart speaker system while his owner is out that he uses...

Snack-happy parrot shows insider threats come in all shapes and sizes (Naked Security) The African Grey has tried to get Alexa to send him lightbulbs, a kite, watermelon, ice cream, strawberries, raisins, broccoli and ice cream.

Cyber Trends

Commissioned Research: State of AI in Security (ProtectWise) Osterman Research report on the state of AI in cybersecurity — benefits, limitations and evolving questions

Poll: Majority of Americans believe midterm elections were secure from hacking (TheHill) A majority of Americans believe this year’s midterm elections were secure from hacking, according to a new poll released Tuesday.

Events like Black Friday can really affect the IT team's mental health (Computing) 54 per cent of IT and BPO staff suffer from depression, anxiety and insomnia caused by their work

Cryptocurrency craze drives coinmining malware surge (Help Net Security) The cryptocurrency craze of 2018 helped drive a 1,500 percent increase in coinmining malware when compared to 2017, according to eSentire.

Cybersecurity in 2019: From IoT & Struts to Gray Hats & Honeypots (Dark Reading) While you prepare your defenses against the next big thing, also pay attention to the longstanding threats that the industry still hasn't put to rest.

2018 Annual Threat Report (eSentire) Key Findings: Coinmining malware increased over fifteen-fold in 2018. Construction organizations were most impacted by phishing threats. The most popular day for phishing events in 2018 was Tuesdays. Exploitation attempts against web servers, routers, and IoT devices grew over 200% YoY.

Cyber attack attempted 'every 2.5 minutes' - study (Insurance Times) 72% of large organisations have had a cyber-security breach within the last 12 months

A Chief Security Concern for Executive Teams (KrebsOnSecurity) Virtually all companies like to say they take their customers’ privacy and security seriously, make it a top priority, blah blah. But you’d be forgiven if you couldn’t tell this by studying the executive leadership page of each company’s Web site.

Cyber Hacks Could Cost Auto Industry $24 Billion, New Upstream Security Study Reports (PR Newswire) Cyber hacks might cost the auto industry $24 billion within five years, according a new study released by...

AI Yields Security Benefits, Not Without Problems (Infosecurity Magazine) AI holds great promise, if organizations can work through its challenges.

Marketplace

With trust destroyed, Facebook is haunted by old data deals (TechCrunch) As Facebook colonized the rest of the web with its functionality in hopes of fueling user growth, it built aggressive integrations with partners that are coming under newfound scrutiny through a deeply reported New York Times investigation. Some of what Facebook did was sloppy or unsettling, includ…

Huawei defends global ambitions amid security fears (Fin24) Huawei has defended its global ambitions and network security in the face of Western fears that the Chinese telecom giant could serve as a Trojan horse for Beijing's security apparatus.

Chinese ZTE Hires Former Senator To Combat National Security Threat Image (Android Headlines) Chinese technology giant ZTE hired former Democratic Senator Joe Lieberman as an independent consultant meant to conduct an unbiased review of its products and services with the goal of determining whether the abundance of allegations

Cisco Acquisitions Drive Company Growth (Crunchbase News) This morning, Cisco announced its intent to buy Luxtera, a Carlsbad, California-based semiconductor company, for about $660 million...

This AI Startup Constantly Monitors Kids To Stop The Next School Shooting—And It Just Scored $16 Million Funding (Forbes) Artificial intelligence from Securly claims it can uncover self-harming and cyberbullying. And it's hoping to create software that can preempt the next school shooting to stop it before it occurs.

Hewlett Packard Enterprise Completes BlueData Acquisition (Forbes) What is clear is that HPE understands the need to support the deployment of large-scale machine learning solutions. For the state of the industry, buy is a much faster way to begin to implement than is build. Looking forward, the acquisition looks like a smart move.

Bitcoin Bulls Are Still Upbeat On Year Anniversary Of All-Time High (Forbes) Bitcoin may not be dead, but it's certainly fallen a long way from the heady highs of late 2017...

Appointed CEO of Virgin Atlantic Joins Check Point’s Board (CTECH) Before joining Virgin Atlantic in 2014, Shai Weiss was an investment partner at the airline’s parent company, Virgin Management

Products, Services, and Solutions

SentinelOne Partners with Exabeam to Rapidly Detect and Autonomously Stop Advanced Threats (BusinessWire) SentinelOne, the autonomous endpoint protection company, and Exabeam, the next-gen SIEM company, today announced a strategic partnership and the techn

Circadence Brings Project Ares Cybersecurity Platform to Microsoft Azure (BusinessWire) Circadence Corporation®, a market leader in cybersecurity readiness, announced today that its fully immersive, gamified, AI-powered cybersecurity lear

HotLink Enables Service Providers to Battle Cybersecurity Attacks with New Fully-Integrated Veeam Cloud Connect Technology (BusinessWire) For Veeam Alliance Partners, HotLink’s new technology delivers robust cybersecurity capabilities to remediate a broad spectrum of security threats.

Shape Security Partners with Okta to Help Seamlessly Prevent Cyberattacks (GlobeNewswire News Room) Integration will deliver increased security with no user-visible friction

A10 Networks’ Application Delivery solution now available in the Microsoft Azure Marketplace (Help Net Security) A10 Networks cloud-native Application Delivery solution including the Harmony Controller, vThunder ADC, is now available in the Microsoft Azure Marketplace.

JASK Expands Elite Cyber Threat Hunting ‘SpecOps’ Team (BusinessWire) JASK, the provider of the industry’s first Autonomous Security Operations Center (ASOC) platform, today announced the expansion of its customer-driven

Technologies, Techniques, and Standards

How Military Tactics Apply To Cyberspace (eSecurity Planet) Former West Point professor Greg Conti explains how military doctrines apply to cyber security, and what lessons enterprises can learn from that.

Cryptojacking can’t be identified with the reactive security mechanisms present in most enterprises: Michael Joseph, Fortinet (ETCIO.com) The new age problem of cryptocurrency mining as a problem cannot be effectively identified, detected and prevented with the typical reactive security ..

Combating Fraud During the Festive Season (Computing) Mike Mimoso, Editorial Director, Flashpoint, brings some advice on how organisations should maintain security

For the Average Hacker, Your Small Business Is an Ideal Target (Entrepreneur) You're not too big to be hacked. Here's how to avoid becoming a statistic.

The most common forms of censorship the public doesn’t know about (TechCrunch) Justin Kosslyn Contributor Justin Kosslyn is the chief product manager at Jigsaw, a unit within Alphabet that uses technology to address global security issues. Amid all the discussion today about online threats, from censorship to surveillance to cyberwar, we often spend more time on the symptoms …

Design and Innovation

Microsoft hopes crowdsourced A.I. algorithms will help avoid the next global cyberattack (CyberScoop) If you’ve developed an artificial intelligence tool capable of predicting the next ransomware outbreak, Microsoft wants to hear about it. And they’re willing to pay.

Researchers in Germany See Behavior-Based Authentication Prime for Luxury Brands (WWD) By embedding sensors in a dress, only the owner of that dress would have automatic access to designated entrances or possessions.

Research and Development

SECURITY: NSA cyber sleuths rack up tech patents (E&E News) National Security Agency analyst Daryle Deloatch works mainly with mobile devices — phones, iPads and the like. Though his day job immerses him in the cybersecurity issues inherent to use of these technologies, he writes programs to fix them as a "side project."

Does your personality put you at risk for cybercrime? (Help Net Security) Impulse online shopping, downloading music and compulsive email use are all signs of a certain personality trait that make you a target for malware

Two Brains Are Better Than One: AI and Humans Work to Fight Hate (Cal Alumni) It started with a conversation. About two years ago, Claudia von Vacano, executive director of UC Berkeley’s social science D-Lab, had a chat with Brittan Heller, the then-director of technology and society for the Anti-Defamation League (ADL).

Legislation, Policy, and Regulation

UN will be forced to introduce cybersecurity treaty in 2019: Experts (Verdict) The ever-increasing escalation in state-sponsored cyberattacks will force the UN to introduce a cybersecurity treaty in 2019, according to experts.

U.K. Adopts Cold War Strategy to Tackle Threat From Russia (Bloomberg) Military will re-establish permanent ‘Net Assessment Unit.’ Mirrors U.S. Pentagon unit for preventing surprise attacks.

Telecom export body seeks ban on Chinese equipment from Huawei, ZTE (Business Today) Indian telecom export body has requested National Security Advisor Ajit Doval to ban the purchase of equipment from Chinese companies like Huawei, ZTE and Fiberhome for government networks

U.S. Steps Up Pressure on Germany Over Huawei Security Concerns (Bloomberg) Working group meeting in Berlin underscores heightened worries. German government is preparing for 5G auction next year.

The US Needs to Engage China on Tech—Or Risk Isolating Itself (WIRED) Opinion: What we can learn from Israel's surprising technological ties with with China.

CENTCOM chief: The future of warfare demands more cyber authorities (Fifth Domain) The head of U.S. Central Command, Gen. Joseph Votel, in a Dec. 18 paper stated that the Pentagon must “normalize” electronic warfare and cyberattacks into daily operations.

Debunking "ghost users": MI5's plan to backdoor all secure messaging platforms (Boing Boing) Debunking "ghost users": MI5's plan to backdoor all secure messaging platforms

Lebanon Seeks to Create Agency to Fight Cyber Crime (Al Bawaba) Lebanon Seeks to Create Agency to Fight Cyber Crime

AI, cyber workforce at the top of House IT subcommittee priorities for 2019 (Federal News Network) Reps. Will Hurd and Robin Kelly want a more coordinated effort around artificial intelligence to improve how agencies recruit and train cyber workers.

How OMB’s new cyber policy will lift the albatross off of the cloud (Federal News Network) The Office of Management and Budget is updating the 11-year-old Trusted Internet Connections (TIC) policy that many said made it harder to move to the cloud.

Litigation, Investigation, and Law Enforcement

UK’s DCMS calls in Facebook again over user data access, asks competition authorities to investigate (TechCrunch) The latest revelations about Facebook’s handling of user data — an investigation by the New York Timesfound that Facebook had been providing special data access to large companies like Amazon, Microsoft, Spotify and others — has landed the social network once more in hot water in …

Europe issues a deadline for US’ Privacy Shield compliance (TechCrunch) The European Commission has finally given the U.S. a deadline related to the much criticized data transfer mechanism known as the EU-US Privacy Shield . But it’s only asking for the U.S. to nominate a permanent ombudsperson — to handle any EU citizens’ complaints — by Februa…

Agencies Faced More Than 35,000 Cyber Incidents in 2017, Watchdog Says (Nextgov.com) But they’re procrastinating on adopting security tools and strategies.

Agencies Need to Improve Implementation of Federal Approach to Securing Systems and Protecting against Intrusions (Government Accountability Office) The 23 civilian agencies covered by the Chief Financial Officers Act of 1990 (CFO Act) have often not effectively implemented the federal government’s approach and strategy for securing information systems (see figure below). Until agencies more effectively implement the government’s approach and strategy, federal systems will remain at risk.

How Russia Hacked U.S. Politics With Instagram Marketing (Foreign Policy) The Internet Research Agency took to the photo-sharing network to boost Trump and depress voter turnout.

Why Jihadist Attacks Have Declined in Europe (Foreign Affairs) Europe shouldn’t get comfortable yet.

Cybersecurity failures raise threat of 'deadly missile attacks,' Pentagon watchdog says (NBC News) An inspector general's report finds unencrypted thumb drives, classified servers without locks on them and unrepaired computer bugs going back to 1990.

American Sues US Government For Allegedly Pressuring Him To Unlock His Phone at Airport (Motherboard) CBP and DHS officers allegedly detained a Los Angeles man of Muslim faith before he boarded a plane for four hours, asking him questions and pressuring him to show them the contents of his phone.

Man sues feds after being detained for refusing to unlock his phone at airport (Ars Technica) "Please call a lawyer for me!" Haisam Elsharkawi shouted at LAX while being detained.

Juniper Gets Double Trial Win in Cybersecurity Spat With Finjan (The Recorder) Irell persuaded Judge William Alsup to block Finjan from seeking $60 million in damages and got the jury to find the patent claim was not infringed.

Georgia has ignored election security best practices, expert says (StateScoop) Gov.-elect Brian Kemp’s last-minute accusation that Democrats hacked the state’s voter registration database is but one in a string of election security gaffes, an expert told StateScoop.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

CYBERSEC Brussels Leaders' Foresight 2019 (Brussels, Belgium, May 15 - 16, 2019) The aim of the CYBERSEC Brussels Leaders' Foresight 2019 is to give proactive guidance on how to lead, encourage evidence-based desision-making, and develop cybersecurity policy statecraft in the EU and...

5th European Cybersecurity Forum – CYBERSEC 2019 (Krakow, Poland, October 29 - 30, 2019) CYBERSEC Forum is an unique opportunity to meet and discuss the current issues of cyber disruption and ever-changing landscape of cybersecurity related threats. Our mission is to foster the building of...

Upcoming Events

SINET Global Institute CISO Series (Scottsdale, Arizona, USA, January 15 - 16, 2019) By invitation only. These intimate CISO workshops address the challenges that Board of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise...

CPX Asia 360 2019 (Bangkok, Thailand, January 21 - 23, 2019) CPX 360 - the industry’s premier cyber security summit and expo - brings together the world’s leading cyber security experts to one venue. Gain a deep understanding of current challenges cyber security...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.