On Friday the US Justice Department announced an indictment based on Special Counsel Mueller's investigation of election influence operations. Three Russian organizations and thirteen Russian individuals were charged with conspiracy and other crimes related to activities during the 2016 election cycle. St. Petersburg's Internet Research Agency is alleged to have played a significant role in what it itself called "information warfare against the United States."
Discord and mistrust were the overarching goals of the alleged Russian operation. Such operations are widely expected to continue, as apparently they have: there are reports of Russian trolls exploiting last week's Florida school massacre.
The alleged shooter in that massacre seems to have been a known wolf-disturbed, lone, not apparently part of any movement-who disclosed his intentions in various social media. Worried online contacts reported him to the FBI, but Florida authorities say the Bureau failed to alert them to the danger.
All Five Eyes have looked at NotPetya and see the same thing: a Russian government operation. They receive some public industry support from FireEye, which sees the work of the Russian Sandworm group in last year's pseudoransomware campaign.
Its ongoing charm offensive in PyeongChang aside, North Korea has continued cyber operations against its customary targets. There are reports that a DPRK hacking unit has decamped from Hong Kong and set up shop in the Russian Far East.
Financial institutions in India and Russia report being raided through fraudulent SWIFT fund transfers similar to the one that hit the Bangladesh Bank in 2016.
Today's issue includes events affecting Australia, Canada, India, Iran, Democratic Peoples Republic of Korea, Republic of Korea, NATO/OTAN, New Zealand, Qatar, Russia, Saudi Arabia, Turkey, Ukraine, United Kingdom, United States, and Venezuela.
A note to our readers: we've updated our email template to one that's more responsive on mobile devices.
Phishing, ransomware, and data breaches plague organizations of all sizes and industries, but the financial services market has always had the largest target on its back. How do you fend off these attacks when you don’t have the budget or resources for everything you need to protect your organization: data feeds, tools, analysis and mitigation? Learn more in our webinar on Wednesday, March 21 @ 2pm ET. Sign up now!
ON THE PODCAST
In today's podcast we speak with our partners at Palo Alto Networks, as Rick Howard talks about the importance of partnering with universities to improve the quantity and diversity of people coming through the STEM pipeline.
Cyber Security Summits: February 28 in Atlanta & Denver on March 22(Atlanta, Georgia, USA, February 28, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Darktrace, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350) https://CyberSummitUSA.com
Compete to win prize money plus the chance to be DataTribe’s next big investment(Online, March 23 - April 25, 2018) The DataTribe Inaugural Cyber Funding Competition: We put real firepower behind every idea. If you're part of a entrepreneurial technology team with a vision to disrupt cybersecurity and data sciences — we want to enhance your growth prospect with the opportunity for a DataTribe-financed seed capital of $2,000,000. Plus possible millions more in a Series A Venture Capital Round. The top three finalists will share $20,000 in prize money.
Old speech, photo used in false FBI Muslim crackdown story(WPXI) A story that falsely reports President Donald Trump ordered the FBI in all 50 U.S. states to take action immediately against Muslim people is based largely on a speech 10 months ago by the then-head of the Department of Homeland Security, and also misquotes that speech.
North Korean Cyber-Attacks and Collateral Damage(AlienVault) WannaCry was incredibly destructive. The attackers made about $150,000 - but the total damage caused by WannaCry has been estimated in the billions of dollars.There is strong evidence linking WannaCry to a group of hackers known as ‘Lazarus’, reportedly operating out of the DPRK (North Korea). Whilst WannaCry is perhaps the most famous attack by Lazarus, it isn’t the only ‘collateral damage’ caused by the DPRK’s cyber actions.Below we disclose new details
FedEx: Customer information exposed, not compromised(American Shipper) Following reports that thousands of customer identification records were left open to public access, FedEx said those records have now been secured and there is “no indication that any information has been misappropriated."
Savers lose millions to retirement fraudsters(Times) Savers are being tricked out of half a million pounds every day after a surge in criminals targeting British pension riches, The Times can reveal. People with nest eggs to invest, including those...
What types of hospitals experience data breaches?(Help Net Security) An estimated 16 million patient records were stolen in the United States in 2016, and last summer the British Health System was crippled by a ransomware attack. While we know these events are on the rise, what do we know about the hospitals that are vulnerable to these attacks?
The continuing lack of understanding of Level 0,1 device security and safety(Control Global) Separating ICS cyber security safety risk from cyber security economic risk has to be done at Level 0,1. This gives management the ability to make better business decisions. Additionally, the latest safety standards requiring ICS cyber security risk assessments, yet there are no explicit Level 0,1 considerations in the standards. Cyber security of Level 0,1 devices requires much more attention - and soon.
Employee Awareness of IT Security Threats(Clutch) A knowledge gap exists between decision-making and entry-level employees about IT security threats at their companies. This report answers 5 key questions about employee security awareness. Read More
The Starbucks Effect on IT Security(SecurityWeek) With a solution that allows for customization of the threat intelligence itself and how you integrate it into your environment, you’ve now got threat intelligence “to order.”
Intel offers to pay for Spectre-like side channel vulnerabilities(Help Net Security) Intel is raising considerably the awards it plans to give out for helpful vulnerability information, and is offering a new bug bounty program focused specifically on side channel vulnerabilities, i.e., vulnerabilities that are rooted in Intel hardware but can be exploited through software.
New infosec products of the week: February 16, 2018(Help Net Security) ScramFS: Encryption system for safeguarding cloud data Scram Software has announced that ScramFS - an internationally peer-reviewed encryption system for safeguarding cloud data - is now available globally to SMEs, government and not-for-profit organizations, enabling encryption of sensitive data to reduce breaches
GDPR quick guide: Why non-compliance could cost you big(Help Net Security) If you conduct business in the EU, offer goods or services to, or monitor the online behavior of EU citizens, then the clock is ticking. You only have a few more months - until May - to make sure your organization complies with GDPR data privacy regulations. Failure to abide by GDPR means you could get hit with huge
AI warfare is coming, and some global leaders say NATO isn’t ready(Defense News) The future of warfare will involve artificial intelligence systems acting as lethal weapons, and much like cyber a decade ago, NATO allies are ill-equipped to manage the potential threat, said current and former European leaders speaking at the Munich Security Conference.
Making Home Networks—and the Internet—Safer by Outsourcing Security(WPI) The nation’s 54 million residential computer networks, which often have inadequate or out-of-date security safeguards, leave millions of Americans vulnerable to fraud, compromise, and even property damage. Poorly protected home computers and other connected devices are inviting targets for hackers seeking to build “botnets” to send spam or phishing emails or launch malicious Internet attacks.
Russians Spooked by Nukes-Against-Cyber-Attack Policy(Centre for Research on Globalization) New U.S. policy on nuclear retaliatory strikes for cyber-attacks is raising concerns, with Russia claiming that it’s already been blamed for a false-flag cyber-attack – namely the election hacking allegations of 2016, explain Ray McGovern and William Binney.
What China's Cybersecurity Law Could Mean for Global Businesses | LookingGlass(LookingGlass Cyber Solutions Inc.) As data breaches and hacking incidents continue to increase, more and more nations are seeking to protect their critical information from an attack. As a result, the industry has seen an uptick in regulations from foreign governments. The laws can safeguard information, as well as help countries define their role in, February 14, 2018
Honest Ads Act Would Deter Foreign Interference in 2018 Through Online Ads(Campaign Legal Center) Brendan Fischer, director, federal and FEC reform at Campaign Legal Center (CLC) released the following statement about Special Counsel Robert Mueller’s indictment of 13 Russian nationals for conspiracy to defraud the United States through interference in the 2016 elections:
How Twitter bots affected the US presidential campaign(Fifth Domain) About one in every five election-related tweets from Sept. 16 to Oct. 21, 2016, was generated by computer software programs called “social bots,” according to a research assistant professor of computer science, University of Southern California.
Just and Unjust Leaks(Foreign Affairs) Revealing official secrets and lies involves a form of moral risk-taking. And drawing the line between the right and wrong kinds of disclosures has grown harder than ever in the Trump era.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Norwich University Cyber Security Summit(Northfield, Vermont, USA, June 18 - 20, 2018) Norwich University’s College of Graduate and Continuing Studies (CGCS) is pleased to announce the second annual Cyber Security Summit in June 2018. The summit, presented in a continuing education format,...
Security Titans(Scottsdale, Arizona, USA, February 23, 2018) Security Titans is a ground-breaking event, bringing the biggest names in Information Security together - all in one day, on a single stage to give the nation's cyber security industry access to the very...
CyberThreat 18(Westminster, England, UK, February 27 - 28, 2018) Hosted by the UK’s National Cyber Security Centre, a part of GCHQ, and the SANS Institute, CyberThreat18 brings together a packed schedule of talks on a broad range of familiar and less familiar topics...
Midlands Cyber: US Cyber Market Workshop(Lutterworth, England, UK, February 27, 2018) We are delighted to announce that we will be running two workshops, led by Andy Williams, the International Director of the iCyber Centre @bwtech, Maryland. The workshops have been tailored by the team...
European Cybersecurity Forum – CYBERSEC Brussels(Brussels, Belgium, February 27, 2018) CYBERSEC Forum is an unique opportunity to meet and discuss the current issues of cyber disruption and ever-changing landscape of cybersecurity related threats. Our mission is to foster the building of...
The Cyber Security Summit: Atlanta(Atlanta, Georgia, USA, February 28, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.
PrivacyCon 2018(Washington, DC, USA, February 28, 2018) The 2018 PrivacyCon will expand collaboration among leading privacy and security researchers, academics, industry representatives, consumer advocates, and the government. As part of this initiative, the...
SINET ITSEF 2018(Silicon Valley, California, USA, March 7 - 8, 2018) Bridging the gap between Silicon Valley and the Beltway. SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment...
PCI Security Standards Council Middle East and Africa Forum(Cape Town, South Africa, March 14 - 15, 2018) Don’t miss the data security event of the year for the payment card industry. Join us for: networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes...
SecureWorld Boston(Boston, Massachussetts, USA, March 14 - 15, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...
Cyber 9-12(Washington, DC, USA, March 16 - 17, 2018) Now entering its fifth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges...
3rd Annual Billington International Cybersecurity Summit(Washington, DC, USA, March 21, 2018) With confirmed speakers from Estonia, Romania, Singapore, Sweden, the United States, and Kuwait, and with attendees from many more countries, this summit brings together world-class cybersecurity thought...
Infosecurity Magazine North America Virtual Conference(Online, March 21 - 22, 2018) Tune in on Wednesday March 21 for day two of our two-day online event to learn what’s going on at the heart of the industry. Our easy to digest format offers a mix of short sessions, panel debates and...
The Cyber Security Summit: Denver(Denver, Colorado, USA, March 22, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.
Women in CyberSecurity 2018(Chicago, Illinois, USA, March 23 - 24, 2018) Through the WiCyS community and activities we expect to raise awareness about the importance and nature of cybersecurity career. We hope to generate interest among students to consider cybersecurity as...
SecureWorld Philadelphia(Philadelphia, Pennsylvania, USA, March 28 - 29, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...
National Cyber League Spring Season(Chevy Chase, Maryland, USA, March 30 - May 25, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...
4th Middle East Cyber Security Summit(Riyadh, Saudi Arabia, April 4 - 5, 2018) The summit will feature state of the art presentations, hackathons and technology showcasing from regional and international experts and leading technology providers. One of the focus areas of the summit...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.