skip navigation

More signal. Less noise.

Are you using threat intelligence to its full potential?

Download this free report via Recorded Future to learn 12 common threat intelligence use cases.

Daily briefing.

The US Government, specifically the White House, yesterday joined the British Foreign Office in attributing last year's NotPetya pseudoransomware campaign to Russia. This was an unsurprising statement, as US officials have long regarded Russia as the prime suspect. NotPetya began with attacks in Ukraine and spread to other countries. The UK was particularly affected. Exploits leaked by the Shadow Brokers (who attributed them to NSA) were instrumental in the NotPetya attacks.

Recorded Future's research suggests that the Olympic Destroyer malware that hit the Winter Games' during the opening ceremonies was deployed in a complex, multipart operation. They also point out that circumstantial code similarities to malware known to have been developed by various nation-states, including China and North Korea, are consistent with false flag misdirection, and provide thin at best evidence of the existence of a "cyber axis of evil." Speculation about responsibility for Olympic Destroyer continues.

Aqua has published a study of how cryptocurrency miners successfully attack container environments.

Comodo's 2017 Global Malware Report observes that online advertising and digital media buys have continued to increase their role as vectors for malware distribution.

FedEx has secured an AWS S3 bucket left open (apparently inadvertently) to the Internet.

Secureworks researchers track the proliferation of SamSam ransomware. They find the criminal operators ("Gold Lowell") unusually hands-on, devoted to effective exploitation of readily available commodity attack tools.

Oracle is said to have acquired Zenedge for an undisclosed sum. VMWare's purchase of CloudCoreo is seen as a push into the cloud security market.


Today's issue includes events affecting Australia, China, European Union, Democratic Peoples Republic of Korea, Republic of Korea, Latvia, Russia, Singapore, Ukraine, United Kingdom, United States.

Do you know your adversary’s next move? We do.

Getting a leg up on your adversary – cyber espionage, cyber crime, or hacktivism – is no easy feat. You need strategic intelligence…from the experts. But what makes intelligence strategic? Learn more in LookingGlass’ webinar featuring the experts. Join our Sr. Directors of Research and Analysis Jonathan Tomek and Olga Polishchuk on February 21 @ 2PM ET for a discussion covering what security teams need to proactively defend against your next cyber attack. Sign up now!

In today's podcast we speak with our partners at RSA, as their CTO Zulfikar Ramzan discusses the hype surrounding blockchain technology. Our guest is Jack Rhysider, producer and host of the Darknet Diaries podcast, who shares true stories from the dark side of the Internet.

Cyber Security Summits: February 13 in Silicon Valley & Atlanta on February 28 (Silicon Valley, California, USA, February 13, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Darktrace, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350)

Compete to win prize money plus the chance to be DataTribe’s next big investment (Online, March 23 - April 25, 2018) The DataTribe Inaugural Cyber Funding Competition: We put real firepower behind every idea. If you're part of a entrepreneurial technology team with a vision to disrupt cybersecurity and data sciences — we want to enhance your growth prospect with the opportunity for a DataTribe-financed seed capital of $2,000,000. Plus possible millions more in a Series A Venture Capital Round. The top three finalists will share $20,000 in prize money.

Cyber Attacks, Threats, and Vulnerabilities

Targeting of Olympic Games IT Infrastructure Remains Unattributed (Recorded Future) The operation to disrupt the PyeongChang Winter Olympic Games was more extensive than originally reported. The Olympic Destroyer malware should be treated with a high level of concern.

Rumours fly about who was behind the PyeongChang Olympics hack (Security Brief) The Olympic Destroyer campaign comes at a precarious time of geopolitical tensions with several possible perpetrators but no conclusive proof.

White House Blames Russia for 'Reckless' NotPetya Cyber Attack (US News and World Report) The White House on Thursday blamed Russia for the devastating 'NotPetya' cyber attack last year, joining the British government in condemning Moscow for unleashing a virus that crippled parts of Ukraine's infrastructure and damaged computers in countries across the globe.

The White House Blames Russia for NotPetya, the 'Most Costly Cyberattack In History' (WIRED) After its negligence on Russian election hacking, the Trump administration is taking Russia's global malware attack more seriously.

Kaseya Virtual System Administrator: New Updates (eSentire Managed Detection and Response) Originally published on 2018-01-29eSentire has observed an unknown threat actor attempting to deploy a Monero cryptocurrency miner to multiple eSentire cus...

This lucrative ransomware campaign secretly surveys vulnerable networks to maximise infections (ZDNet) SamSam ransomware moves laterally across networks after compromising internet-facing systems, and is making its hands-on operators hundreds of thousands of dollars.

Cryptocurrency Miners Abusing Containers: Anatomy of an (Attempted) Attack (Aquasec) We’ve heard many accounts of cryptocurrency mining attacks on container environments and decided to investigate and analyze an anatomy of such an attack.

After reported breach, FedEx says server is "secure," investigation underway (Memphis Business Journal) After reports today of a breached server, Memphis-based FedEx Corp. said the information is now secure.

Multi-Stage Word Attack Infects Users Without Using Macros (BleepingComputer) Spam distributors are using a new technique to infect users with malware, and while this attack relies on having users open Word documents, it does not involve users having to allow the execution of macro scripts.

Innovative and rougher in extortion, threats continued for Android in 2017 (WeLiveSecurity) New research from ESET has highlighted how 2017 was a year that Android ransomware become more innovative and rougher in extortion.

A New Internet of Things Botnet Originated on 'Grand Theft Auto' Servers (Motherboard) Attackers said “God’s wrath will be employed against the IP that you provide us.”

SAP Cyber Threat Intelligence report – February 2018 (Security Boulevard) The SAP threat landscape is always expanding thus putting organizations of all sizes and industries at risk of cyberattacks. The idea behind the monthly SAP Cyber Threat Intelligence report is to provide an insight into the latest security vulnerabilities and threats. Key takeaways The first set of SAP Security Notes in 2018 consists of 26 The post SAP Cyber Threat Intelligence report – February 2018 appeared first on ERPScan.

Global Malware Report Confirms Prevalence, Role Of Advertising (Media Post) A day after the Director of National Intelligence Dan Coats released the U.S. intelligence agencies' 2018 Worldwide Threat Assessment, highlighting how digital media has become a vector for a variety of national security threats, a new report revealed the prevalence of malicious code worldwide, as well as in the U.S.

Global Malware Report 2017 (Comodo Threat Research Labs) Malicious software, or malware, refers to computer code that can be harmful to both computer systems and their users.

Renewable energy companies at high risk from cyberattack, claims report (Power Technology) The Renewables Consulting Group (RCG) and cybersecurity specialist Cylance have published a report on cybersecurity concerns for renewable energy companies,...Read More...

How an Apple staffer leaked the iPhone source code (CRN Australia) Apple's iOS 9 source code fell into the wrong hands.

Edward Snowden returns to US! Oops, nope, it's a phishing scam (SC Media UK) A strange spam campaign that targets Apple customers was found distributing phishing emails containing an Apple receipt to an Edward Snowden.

Techno-senator tells Tinder to hook up its app with better security (Register) Swipe-a-shag tool gets the dreaded sternly-worded-letter treatment from Wyden

Security Patches, Mitigations, and Software Updates

That terrifying 'unfixable' Microsoft Skype security flaw: THE TRUTH (Register) Oh yeah, we patched that in October, Windows giant yawns

Cyber Trends

With 100 days to go, 72% of organisations worldwide are GDPR ready (ResponseSource Press Release Wire) EfficientIP X-Day study discovers average global spend on GDPR compliance tops $1.5 million, bringing increased trust and loyalty from customers. Paris, France and New York, USA - 15th February 2018 ...

Why the cyber threat landscape could grow under GDPR (Information Age) The General Data Protection Regulation (GDPR) is only 3 short months away, with the incoming regulation seeing businesses across Europe and beyond bolster their cyber security in an effort to comply

Analyzing the Security of Federal Government Contractors (BitSight) Download this BitSight Insights report to learn about the cybersecurity performance of U.S. federal government contractors and subcontractors.

Entry-Level Employees Lack Awareness of IT Security Threats, Company Cybersecurity Policies (PR Newswire) Nearly half (46%) of entry-level employees don't know if their company has...

Agencies Better At Cybersecurity Than Vendors, Study Says (Law360) Cybersecurity at contractors is lagging behind that of federal agencies, security ratings firm BitSight said in a report Thursday, a day after a U.S. Department of Homeland Security official revealed DHS had launched an initiative for agencies to study cybersecurity throughout their supply chains.


Bitcoin price: Is the bull run back? Bitcoin's up almost 20 percent in 7 days (Verdict) The bitcoin price is nearing $10,000 per coin after dropping under the psychological marker last month, climbing almost 10 percent in the last 24 hours. 

‘American Intelligence’ Project Bitcoin Could Fall to $300 - Russian Lawmaker (Sputnik News) Anatoly Aksakov, chair of Russia’s State Duma Committee on Financial Markets, says he does not believe bitcoin will return to its former glory. On the contrary, Aksakov predicts it will fall dramatically.

Oracle slurps bot-wrangling security minnow Zenedge (Register) Buy price not revealed

VMware acquisition continues move toward cloud security (SearchCloudComputing) The latest VMware acquisition highlights the virtualization leader's move to broaden its appeal in cloud management and security to remain relevant.

OpenText buys file-sharing service Hightail (10 Thousand Couples) A file-sharing service with 5.5 million users around the world has been bought by Waterloo's OpenText.

Arlington Capital acquires IAI, eyes combo with Xebec (Washington Technology) Arlington Capital Partners has acquired defense and intelligence IT contractor Integrity Applications Inc. and will merge IAI with portfolio company Xebec.

Kromtech Looks to M&A to Help Expand Its Product Portfolio (PRWeb) Persistent and serious ransomware attacks and personal data leaks continue to worsen customer cybersecurity concerns. Not only the increasing frequency of the attacks...

Internet giant Akamai is at a crossroads. Here's what's next. (Boston Business Journal) Changing internet trends and activist investors have Akamai facing one of the most uncertain periods in its 20-year history. Can it reinvent itself fast enough?

Intel offers to pay for Spectre-like side channel vulnerabilities (Help Net Security) Intel is raising considerably the awards it plans to give out for helpful vulnerability information, and is offering a new bug bounty program focused specifically on side channel vulnerabilities, i.e., vulnerabilities that are rooted in Intel hardware but can be exploited through software.

CenturyLink announces strategic government leadership team (Intelligence Community News) CenturyLink, Inc., headquartered in Monroe, LA, announced on February 15 the strategic government executive leadership team that reports to David Young, regional vice president of strategic governm…

Imperva Announces Departure of its Chief Revenue Officer (BusinessWire) Imperva, Inc. (NASDAQ:IMPV), a cybersecurity leader that delivers best-in-class solutions to protect data and applications on-premises, in the cloud,

Bugcrowd Appoints Two Key Executives to Capitalize on Growing Market Demand (GlobeNewswire News Room) Rick Beattie, VP of Global Sales, and Jonathan Gohstand, VP of Product, bring proven track records to leader in crowdsourced security

Products, Services, and Solutions

Trustwave Announces New Proactive Threat Hunting Service for Government (BusinessWire) Trustwave announces a new threat hunting service for government agencies to help bolster cyber defenses.

Cyberbit Wins Three Gold Cybersecurity Excellence Awards for Innovative Products and Projects (PR Newswire) Cyberbit Ltd., a world leading provider of cybersecurity simulation...

JASK Announces Technology Alliance with Carbon Black, Delivering Next-Generation Alert Consolidation and Prioritization (BusinessWire) JASK, the provider of the industry’s only Autonomous Security Operations Center (ASOC) platform, today announced it has entered into a technology alli

LinuxInsider Headlines (Linux Insider) SentinelOne this week announced a partnership with Microsoft to bolster threat protection for mixed platform users, making computing safer for Linux machines in a multiplatform workplace. SentinelOne will integrate its Endpoint Protection Platform with Microsoft's Windows Defender Advanced Threat Protection service to cover Mac and Linux device platforms.

A Guide to Top Secure Web Gateway Vendors (eSecurity Planet) A look at top vendors in the market for web security gateway solutions, a critical tool for defending against web threats.

IBM Wants You to Know Blockchain Can Go Wrong (CoinDesk) IBM has a team of cybersecurity experts working with enterprise clients to make sure their distributed ledgers are free from vulnerabilities.

Armour Communications announces the release of Armour Desktop for Windows 10 (ResponseSource Press Release Wire) Government certified secure mobile communications app continues to lead market with expanded functionality London - Armour Communications, a leading provider of specialist, secure communications sol...

Symantec Earns FedRAMP Authorization for Email Security Service (GovCon Wire) Symantec (Nasdaq: SYMC) has secured certification for its cloud-b

Technologies, Techniques, and Standards

Using the Chrome Task Manager to Find In-Browser Miners (BleepingComputer) The use of browsers to mine for digital currency is becoming a major problem. With more and more sites incorporating in-browser mining scripts such as CoinHive and web extensions injecting them into web pages,  people will continue to be affected by this attack. Thankfully, we can easily detect miners using the Chrome Task Manager.

CERT-In has developed a free bot removal tool in collaboration with QuickHeal, starts sending out awareness SMS (Tech2) The SMS includes a link to the Botnet Cleaning and Malware Analysis Centre where one can get information about bots and how to remove them

25% of firms fail to implement multi-factor authentication for BYOD (Security Brief) 25% of respondents at the Gartner Symposium lacked some form of multi-factor authentication when securing BYOD.

Removing admin rights would mitigate most Microsoft flaws, report claims (iTWire) Removing administrator rights would mitigate 80% of the critical vulnerabilities found in Microsoft products in 2017, the security firm Avecto claims....

7 steps security leaders can take to deal with Spectre and Meltdown (Help Net Security) Security and risk management leaders must take a pragmatic and risk-based approach to the ongoing threats posed by an entirely new class of vulnerabilities like Spectre and Meltdown, according to Gartner.

Still relying solely on CVE and NVD for vulnerability tracking? Bad idea (Help Net Security) Incredibly, we see too many companies still relying on CVE and NVD for vulnerability tracking, despite the US government funded organization falling short year after year.

How to take charge of data encryption in the cloud era (IT Pro Portal) A range of highly publicised data leaks in recent years have resulted in financial loss, legal repercussions, resignation of top executives and damaged brand reputation.

Want to Protect Against Websites That Spy on You? Get an Ad Blocker. (Consumer Reports) The Chrome browser can now block annoying ads on some sites. But there are better ad blockers and anti-trackers for protecting your privacy and security.

Employees, not technology, are your business's first defence against cyber attack (International Business Times UK) Suzanne McAndrew, Managing Director, Talent & Rewards, Willis Towers Watson says just 18% of breaches driven directly by external threats.

Design and Innovation

IBM and SpaceBelt Collaborate on Innovative Architecture for Secure Cloud Management and Storage in Space (PR Newswire) As worldwide security growth moves to more than $96 billion in 2018,...

Why do we need a risk-based approach to authentication? (Help Net Security) The biggest challenge for an enterprise seeking to adopt a risk-based approach to authentication is the sheer number of variables that must be accounted for in each and every request.

Legislation, Policy, and Regulation

Critical Infrastructure Protection: Additional Actions Are Essential for Assessing Cybersecurity Framework Adoption (Government Accountability Office) Most of the 16 critical infrastructure sectors took action to facilitate adoption of the National Institute of Standards and Technology's (NIST) Framework for Improving Critical Infrastructure Cybersecurity by entities within their sectors. Federal policy directs nine federal lead agencies—referred to as sector-specific agencies (SSA)—in consultation with the Department of Homeland Security and other agencies, to review the cybersecurity framework and, if necessary, develop implementation guidance or supplemental materials to address sector-specific risks and operating environments.

Cybersecurity is not something; it is everything (Brookings) Four years ago, the Obama Administration rolled out the Cybersecurity Framework from the National Institute of Standards and Technology (NIST). It has proven to be an essential and indispensable ro…

Our intelligence chiefs just want to tell the truth about national security (TheHill) They just want to tell Congress and the American public the truth about threats to our country.

The murky world of Australia & Singapore's workforce monitoring laws (Security Brief) Australia’s complexity is second only to the United states when it comes to workforce monitoring.

Creating a New Crime: Cyber-Harassment (New Jersey Law Journal) The inclusion of cyber-harassment in the Domestic Violence Statutes will enable victims of domestic violence to prove an act of cyber-harassment by producing the allegedly offending communication.

US Intel, State Elections Officials to Discuss Security Issues (VOA) Classified-level briefing comes ahead of midterm elections

Could a cyber national guard have a role in safeguarding elections? (FCW) During a Senate Armed Services subcommittee hearing, senators toyed with the idea of the National Guard protecting the 2018 elections from foreign tampering.

Litigation, Investigation, and Law Enforcement

Former senior Federal Bureau of Investigation official is leading BuzzFeed's effort to verify Trump dossier (10 Thousand Couples) BuzzFeed is suing the Democratic National Committee for information about a controversial dossier about Donald Trump the news outlet published previous year. In a nutshell: BuzzFeed believes the D.N.C. has information that could show a link between Gubarev and the e-mail hacking, which would undercut his libel claim.

California man convicted of directing cyber attack against Norman business ( A California man was convicted on one count of directing distributed-denial-of-service(DDoS) cyber attacks against two websites owned by Oklahoma telescope retailer Astronomics in August 2016. 44-year-old David Goodyear was charged in August 2017 with attacking the websites of Astronomics, a family-owned telescope retailer in Norman.

Latvian National Pleads Guilty To “Scareware” Hacking Scheme That Targeted Minneapolis Star Tribune Website (US Department of Justice) A Latvian man pleaded guilty yesterday for participating in a lucrative “scareware” hacking scheme that targeted visitors to the Minneapolis Star Tribune’s website.

ATM Skimmer Kingpin Escapes UK Police (BleepingComputer) In what many consider to be a monumental failure on the part of UK police, the ringleader of a notorious ATM skimming gang has escaped prosecutors and is believed to be hiding abroad, after being let out on bail.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Security Titans (Scottsdale, Arizona, USA, February 23, 2018) Security Titans is a ground-breaking event, bringing the biggest names in Information Security together - all in one day, on a single stage to give the nation's cyber security industry access to the very...

CyberThreat 18 (Westminster, England, UK, February 27 - 28, 2018) Hosted by the UK’s National Cyber Security Centre, a part of GCHQ, and the SANS Institute, CyberThreat18 brings together a packed schedule of talks on a broad range of familiar and less familiar topics...

Midlands Cyber: US Cyber Market Workshop (Lutterworth, England, UK, February 27, 2018) We are delighted to announce that we will be running two workshops, led by Andy Williams, the International Director of the iCyber Centre @bwtech, Maryland. The workshops have been tailored by the team...

European Cybersecurity Forum – CYBERSEC Brussels (Brussels, Belgium, February 27, 2018) CYBERSEC Forum is an unique opportunity to meet and discuss the current issues of cyber disruption and ever-changing landscape of cybersecurity related threats. Our mission is to foster the building of...

The Cyber Security Summit: Atlanta (Atlanta, Georgia, USA, February 28, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.

PrivacyCon 2018 (Washington, DC, USA, February 28, 2018) The 2018 PrivacyCon will expand collaboration among leading privacy and security researchers, academics, industry representatives, consumer advocates, and the government. As part of this initiative, the...

NITSIG Meeting: Protecting Controlled Unclassified Information On U.S. Government Contractor Information Systems (Laurel, Maryland, USA, March 2, 2018) This meeting will discuss the security control requirements for the protection of Controlled Unclassified Information (CUI), for contractor information systems upon which CUI is processed, stored on, or...

Insider Threat Program Management With Legal Guidance Training Course (Herndon, Virginia, USA, March 6 - 7, 2018) The course will cover current regulations like National Insider Threat Policy NITP and NISPOM Conforming Change 2, and more. The course will provide the ITP Manager and Facility Security Officer with the...

SINET ITSEF 2018 (Silicon Valley, California, USA, March 7 - 8, 2018) Bridging the gap between Silicon Valley and the Beltway. SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment...

PCI Security Standards Council Middle East and Africa Forum (Cape Town, South Africa, March 14 - 15, 2018) Don’t miss the data security event of the year for the payment card industry. Join us for: networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes...

SecureWorld Boston (Boston, Massachussetts, USA, March 14 - 15, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

Cyber 9-12 (Washington, DC, USA, March 16 - 17, 2018) Now entering its fifth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges...

3rd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 21, 2018) With confirmed speakers from Estonia, Romania, Singapore, Sweden, the United States, and Kuwait, and with attendees from many more countries, this summit brings together world-class cybersecurity thought...

Infosecurity Magazine North America Virtual Conference (Online, March 21 - 22, 2018) Tune in on Wednesday March 21 for day two of our two-day online event to learn what’s going on at the heart of the industry. Our easy to digest format offers a mix of short sessions, panel debates and...

The Cyber Security Summit: Denver (Denver, Colorado, USA, March 22, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.

Women in CyberSecurity 2018 (Chicago, Illinois, USA, March 23 - 24, 2018) Through the WiCyS community and activities we expect to raise awareness about the importance and nature of cybersecurity career. We hope to generate interest among students to consider cybersecurity as...

SecureWorld Philadelphia (Philadelphia, Pennsylvania, USA, March 28 - 29, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

National Cyber League Spring Season (Chevy Chase, Maryland, USA, March 30 - May 25, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.