2017 cyberattacks proved more numerous, sophisticated, and ruthless than in years past.
WannaCry, NotPetya, ransomware-as-a-service, and fileless attacks abounded. And, that’s not everything. The victims of cybercrime ranged from private businesses to the fundamental practices of democracy. Read The Cylance Threat Report: 2017 Year in Review Report and learn about the threat trends and malware families their customers faced in 2017.
December 20, 2018.
By the CyberWire staff
This morning the US Justice Department unsealed yesterday’s indictment of two Chinese hackers, Zhu Hua and Zhang Shilong, whom it connected with a long-running, extensive campaign by China’s Ministry of State Security to steal intellectual property from at least twelve countries. Initial reactions regard the indictment as containing damning accusations against Beijing, especially long-standing and systematic violation of that government’s undertakings to restrain itself with respect to industrial espionage (TechCrunch).
The condemnation appears to be international: the US is expected to be joined by the UK, Australia, Canada, Japan and Germany, at least, in an announcement of unspecified joint action against Chinese cyber espionage (Washington Post).
China remains under suspicion of being responsible for the breach of EU diplomatic cables. Beijing denies responsibility (Computing).
Twitter observed a large volume of unusual traffic to its customer support site early this week. The social media company thinks it might be receiving some unwanted attention from potential attackers in either Saudi Arabia or China. Still, the incident remains unclear (but clear enough for investors to shy away from the company’s stock) (CNBC).
Late yesterday Microsoft issued an out-of-band patch for an Internet Explorer vulnerability being actively exploited. It’s a remote code execution issue in the scripting engine’s handling of objects in memory.
Facebook is suffering from its long-running accretion of bad news. The access the New York Times reported Facebook granted partners may have been less nefarious than it sounded (Ars Technica), but a lot of people aren’t listening to exculpations anymore (WIRED).
Today's issue includes events affecting China, European Union, India, Russia, Saudi Arabia, Syria, United Kingdom, United States.
A note to our readers: the CyberWire takes its annual holiday break next week, with Christmas and New Year's Day coming up. Our last issue of 2018 will be out Friday, December 21st. We'll resume regular publication on January 2nd, 2019. Our best holiday wishes to all of you.
How Are You Responding to Threats? Find Out Now in the SANS 2018 Incident Response Survey
What new and continuing threats were uncovered in investigations and how are organizations dealing with those threats? In this SANS 2018 Incident Response Survey, learn how IR teams are coping with organizational structures, resources and IR implementation in an ever-changing threat environment. Find out how they have structured their incident response functions, what systems they’re conducting investigations on, the threats they’re uncovering and how they're uncovering them. Then apply these findings in your 2019 programs.
And Hacking Humans is also up. In this episode, "Truth emerges from the clash of ideas," we follow up on critical feedback of last week's show. Dave describes how online extortionists have pivoted from sex to explosives. We've got an auto-responding catch of the day from one of Joe's colleagues. Our guest is Sean Brooks, Director of the Citizen Clinic and a Research Fellow at the Center for Long-Term Cybersecurity at UC Berkeley. He shares their research into online attacks of politically vulnerable organizations.
Cyber Security Summits: 2019(United States, January 1 - December 31, 2019) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the FBI, Darktrace and more at the 2019 Cyber Security Summits. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350).
DreamPort Event: The Red Hat OpenShift Container Platform Bootcamp(Columbia, Maryland, United States, January 3, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting the Red Hat OpenShift Container Platform Bootcamp. This is all about Containers, DevOps, & Agile Development. Attendees will learn, hands on, how to create, develop, use, deploy, and access containers as DevOps & Agile Development tools.
Rapid Prototyping Event: The Wolf in Sheep's Clothing(Columbia, Maryland, United States, January 29 - 31, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Protoyping Event which is interested in identifying UAM solutions that employ advanced real-time analysis of multiple data sources for detecting unauthorized activities.
How the European Union was stymied by phishing(Fifth Domain) Chinese government hackers using basic phishing methods were able to infiltrate the European Union’s communication network, possibly for years, according to a Dec. 19 report by Area 1.
How Hackers Bypass Gmail 2FA at Scale(Motherboard) A new Amnesty International report goes into some of the technical details around how hackers can automatically phish two-factor authentication tokens sent to phones.
With Mirai Comes Miori: IoT Botnet Delivered via ThinkPHP Remote Code Execution Exploit(TrendLabs Security Intelligence Blog) We analyzed another Mirai variant called “Miori,” which is being spread through a Remote Code Execution (RCE) vulnerability in the PHP framework, ThinkPHP. Aside from Miori, several known Mirai variants like IZ1H9 and APEP were also spotted using the same RCE exploit for their arrival method. The aforementioned variants all use factory default credentials via Telnet to brute force their way in and spread to other devices.
Trend Micro Flags Free Hola VPN as 'High-Risk' Over Security Holes(PCMAG) The antivirus provider is pointing to a whole host of dangers with the free edition of the VPN software, which other security experts have echoed over the years. But Hola and its partner Luminati say Trend Micro's research is sensational and irresponsible.
Microsoft Issues Emergency Fix for IE Zero Day(KrebsOnSecurity) Microsoft today released an emergency software patch to plug a critical security hole in its Internet Explorer (IE) Web browser that attackers are already using to break into Windows computers.
Microsoft Promises Sandboxed Apps With the Security of VMs(Tom's Hardware) Microsoft announced Windows Sandbox, a hybrid sandboxing technologies promising almost the same security guarantees as virtual machines, but with much better performance and lower power consumption on mainstream laptops.
See Forcepoint's Seven Cybersecurity Predictions for 2019 (Multi-Video)(American Security Today) In 2019, attackers will stop at nothing to steal our identities, evade detection through new techniques, and bring disruption to our doorsteps. The stakes are high, the world more connected than we could have ever imagined. Forcepoint , a 2018 ‘ASTORS’ Homeland Security Awards Winner for Best IT Data Management Solution, has unveiled the company’s 2019 Forcepoint Cybersecurity …
Carbon Black Appoints Jill Ward to Board of Directors(GlobeNewswire News Room) Carbon Black (NASDAQ: CBLK), a leader in next-generation endpoint security delivered via the cloud, today announced that Jill Ward, a business leader and operating executive with experience scaling global technology companies, has joined Carbon Black’s board of directors.
Cylance Introduces AI-Powered Virtual CISO(Tech) Cylance Inc. recently announced the availability of its virtual chief information security officer (vCISO) service. The Virtual CISO program is aimed at empowering organizations with crucial technology and security resources that support next-gen security architectures and also enable robust staff augmentation.Cylance vCISO allows customers at...
Zero Trust Security Protects Businesses while Enabling Growth(Security Boulevard) Many companies have their own applications, internal domains, and local area network (LAN). But when it comes to business applications, organizations are increasingly dependent on cloud-based resources. These may include email servers, customer relationship management (CRM) software, or other applications....
Control System Cybersecurity & What It Means to Buildings(RealComm Advisory Newsletters) Cyber threats to buildings/data centers include data issues: compromise, exfiltration and denial-of-service. Control system cyber threats to data centers have focused on the Internet-connected building control systems. However, there are other control system cyber threats to data centers that have not been addressed and have actually caused data center damage.
How to Engage Your Cyber Enemies(Dark Reading) Having the right mix of tools, automation, and intelligence is key to staying ahead of new threats and protecting your organization.
Most Voters Consider a Cyberattack an Act of War(Rasmussen)
Hackers working on behalf of the Chinese government are suspected in a recent cyberattack on the Marriott hotel chain in which the personal information of millions of hotel guests was compromised. Nearly two-out-of-three voters think a cyberattack by another country is an act of war, and most think it poses a greater risk than a traditional military attack.
State hires Andersen as Chief Information Security Officer(Vermont Business Magazine) Vermont Business Magazine Governor Phil Scott and the Vermont Agency of Digital Services (ADS) today announced the hiring of Nicholas Andersen as the Agency’s Chief Information Security Officer (CISO). Andersen brings 12 years of cybersecurity experience to this position. Since 2017, he served as a vice president at Invictus International Consulting, LLC and co-founder of Pueo Business Solutions, LLC.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
SINET Global Institute CISO Series(Scottsdale, Arizona, USA, January 15 - 16, 2019) By invitation only. These intimate CISO workshops address the challenges that Board of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise...
CPX Asia 360 2019(Bangkok, Thailand, January 21 - 23, 2019) CPX 360 - the industry’s premier cyber security summit and expo - brings together the world’s leading cyber security experts to one venue. Gain a deep understanding of current challenges cyber security...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.