2017 cyberattacks proved more numerous, sophisticated, and ruthless than in years past.
WannaCry, NotPetya, ransomware-as-a-service, and fileless attacks abounded. And, that’s not everything. The victims of cybercrime ranged from private businesses to the fundamental practices of democracy. Read The Cylance Threat Report: 2017 Year in Review Report and learn about the threat trends and malware families their customers faced in 2017.
December 19, 2018.
By the CyberWire staff
Diplomatic cables from the European Union were successfully intercepted (and presumably read) by “hackers,” as they’re being characterized. Area 1 is credited with discovering the intrusion. There’s no official attribution yet, but experts say the techniques employed were characteristic of those used by Chinese services. This is of course circumstantial evidence, but many are persuaded (BBC).
To further complicate attribution, Recorded Future notes a trend in state intelligence operations: dumbing down your craft to make a hack look like the work of criminals or hacktivists (Daily Swig). This happens linguistically as well: it’s worth noting that the Internet Research Agency’s performance on Instagram and Twitter shows that, had it chosen to use them, Moscow had an American English fluency available that never appeared (except perhaps by inversion) in ShadowBrokerese.
The New York Times reported yesterday that Facebook gave various Big-Tech partners, including Apple and Amazon, extensive access to user data. Facebook replies that the partnerships were benign, that user data weren’t handed over without user consent, and that in any case the more aggressive forms of sharing stopped as Facebook tightened its privacy policies over the past year. But eroding trust in the company seems to have made it impossible for Facebook to avoid another black eye. It’s running out of eyes: Facebook’s British nemesis, the Department for Digital, Culture, Media and Sport, has starchily requested an explanation (TechCrunch).
In the US, NASA reports a server breach with possible personal data compromise.
Today's edition of the CyberWire reports events affecting China, European Union, Germany, India, Iran, Israel, Lebanon, Russia, Taiwan, United Kingdom, United States.
A note to our readers: the CyberWire takes its annual holiday break next week, with Christmas and New Year's Day coming up. Our last issue of 2018 will be out Friday, December 21st. We'll resume regular publication on January 2nd, 2018. Our best holiday wishes to all of you.
How Are You Responding to Threats? Find Out Now in the SANS 2018 Incident Response Survey
What new and continuing threats were uncovered in investigations and how are organizations dealing with those threats? In this SANS 2018 Incident Response Survey, learn how IR teams are coping with organizational structures, resources and IR implementation in an ever-changing threat environment. Find out how they have structured their incident response functions, what systems they’re conducting investigations on, the threats they’re uncovering and how they're uncovering them. Then apply these findings in your 2019 programs.
Cyber Security Summits: 2019 (United States, January 1 - December 31, 2019) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the FBI, Darktrace and more at the 2019 Cyber Security Summits. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350).
DreamPort Event: The Red Hat OpenShift Container Platform Bootcamp (Columbia, Maryland, United States, January 3, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting the Red Hat OpenShift Container Platform Bootcamp. This is all about Containers, DevOps, & Agile Development. Attendees will learn, hands on, how to create, develop, use, deploy, and access containers as DevOps & Agile Development tools.
Rapid Prototyping Event: The Wolf in Sheep's Clothing (Columbia, Maryland, United States, January 29 - 31, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Prototyping Event which is interested in identifying UAM solutions that employ advanced real-time analysis of multiple data sources for detecting unauthorized activities.
Danabot's Travels: A Global Perspective (Arbor Networks Threat Intelligence) First discovered in May of 2018, Danabot is a Delphi written banking trojan that has been under active development throughout the year. This malware’s early success can be attributed to its modular structure and mature distribution system. Throughout the year, NETSCOUT Threat Intelligence has observed the growth in distribution and global coverage of Danabot.
GIGABYTE Drivers Elevation of Privilege Vulnerabilities (SecureAuth) 1. Advisory Information Title: GIGABYTE Drivers Elevation of Privilege Vulnerabilities Advisory ID: CORE-2018-0007 Advisory ... Date published: 2018-12-18 Date of last update: 2018-12-18 Vendors contacted: Gigabyte
ASUS Drivers Elevation of Privilege Vulnerabilities (SecureAuth) 1. Advisory Information Title: ASUS Drivers Elevation of Privilege Vulnerabilities Advisory ID: CORE-2017-0012 Advisory URL :... Date published: 2018-12-18 Date of last update: 2018-12-18 Vendors contacted: Asus Release mode: User release
Why email phishing persists (GCN) An email protocol that can't authenticate senders combined with bad actors' increasingly clever tactics may mean phishing is here to stay.
The Ignorant Human: Data’s Biggest Threat (Security Boulevard) For all the money spent on expensive software solutions and expert consultation, an organization is still at a tremendous risk if it is not developing a culture of security as part of its normal business practices. Many organizations have 24/7 teams dedicated to monitoring and incident response, but what about any organization’s weakest link?
Parrot goes shopping with owner’s Alexa (Times) When Rocco the parrot is peckish, he knows who to turn to — Alexa. The African grey parrot has become so adept at giving orders to Amazon’s smart speaker system while his owner is out that he uses...
2018 Annual Threat Report (eSentire) Key Findings: Coinmining malware increased over fifteen-fold in 2018. Construction organizations were most impacted by phishing threats. The most popular day for phishing events in 2018 was Tuesdays. Exploitation attempts against web servers, routers, and IoT devices grew over 200% YoY.
A Chief Security Concern for Executive Teams (KrebsOnSecurity) Virtually all companies like to say they take their customers’ privacy and security seriously, make it a top priority, blah blah. But you’d be forgiven if you couldn’t tell this by studying the executive leadership page of each company’s Web site.
With trust destroyed, Facebook is haunted by old data deals (TechCrunch) As Facebook colonized the rest of the web with its functionality in hopes of fueling user growth, it built aggressive integrations with partners that are coming under newfound scrutiny through a deeply reported New York Times investigation. Some of what Facebook did was sloppy or unsettling, includ…
Hewlett Packard Enterprise Completes BlueData Acquisition (Forbes) What is clear is that HPE understands the need to support the deployment of large-scale machine learning solutions. For the state of the industry, buy is a much faster way to begin to implement than is build. Looking forward, the acquisition looks like a smart move.
How Military Tactics Apply To Cyberspace (eSecurity Planet) Former West Point professor Greg Conti explains how military doctrines apply to cyber security, and what lessons enterprises can learn from that.
The most common forms of censorship the public doesn’t know about (TechCrunch) Justin Kosslyn Contributor Justin Kosslyn is the chief product manager at Jigsaw, a unit within Alphabet that uses technology to address global security issues. Amid all the discussion today about online threats, from censorship to surveillance to cyberwar, we often spend more time on the symptoms …
SECURITY: NSA cyber sleuths rack up tech patents (E&E News) National Security Agency analyst Daryle Deloatch works mainly with mobile devices — phones, iPads and the like. Though his day job immerses him in the cybersecurity issues inherent to use of these technologies, he writes programs to fix them as a "side project."
Two Brains Are Better Than One: AI and Humans Work to Fight Hate (Cal Alumni) It started with a conversation. About two years ago, Claudia von Vacano, executive director of UC Berkeley’s social science D-Lab, had a chat with Brittan Heller, the then-director of technology and society for the Anti-Defamation League (ADL).
Europe issues a deadline for US’ Privacy Shield compliance (TechCrunch) The European Commission has finally given the U.S. a deadline related to the much criticized data transfer mechanism known as the EU-US Privacy Shield. But it’s only asking for the U.S. to nominate a permanent ombudsperson — to handle any EU citizens’ complaints — by Februa…
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
CYBERSEC Brussels Leaders' Foresight 2019 (Brussels, Belgium, May 15 - 16, 2019) The aim of the CYBERSEC Brussels Leaders' Foresight 2019 is to give proactive guidance on how to lead, encourage evidence-based decision-making, and develop cybersecurity policy statecraft in the EU and...
5th European Cybersecurity Forum – CYBERSEC 2019 (Krakow, Poland, October 29 - 30, 2019) CYBERSEC Forum is a unique opportunity to meet and discuss the current issues of cyber disruption and ever-changing landscape of cybersecurity related threats. Our mission is to foster the building of...
SINET Global Institute CISO Series (Scottsdale, Arizona, USA, January 15 - 16, 2019) By invitation only. These intimate CISO workshops address the challenges that Board of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise...
CPX Asia 360 2019 (Bangkok, Thailand, January 21 - 23, 2019) CPX 360 - the industry’s premier cyber security summit and expo - brings together the world’s leading cyber security experts to one venue. Gain a deep understanding of current challenges cyber security...