How are companies actually using machine learning for threat intelligence?

Artificial intelligence, and in particular machine learning, has seen huge strides in recent years and is now impacting all aspects of society and business. Learn the four ways machine learning is powering smarter threat intelligence with Recorded Future's latest white paper. Download your copy now.

The daily briefing.

Cryptocurrency mining shows no signs of slacking off, although its focus has shifted from Bitcoin to Monero. The XMRig campaign has now infected more than fifteen million users with unwanted mining software. XMRig misuses the URL shortener Bitly to hide red flags from the users it seeks to induce to click malicious ads.

Other mining campaigns are in full swing. Dr. Web reports that Windows systems running some versions of the Cleverance Mobile SMARTS Server, a legitimate Russian product that automates various industrial and logistical processes, are being infected with malicious DLL files that mine Monero. Trend Micro is following a similar campaign against Apache Struts and DotNetNuke servers. Palo Alto Networks is tracking a mass effort to infect individual users through file-sharing sites. Panda Security describes WannaMine, fileless malware used in smash-and-grab attacks.

The miners aren't a relatively harmless nuisance, CrowdStrike warns. Mining is so computationally intensive that it routinely renders affected CPUs unusable.

Parliament is dissatisfied with what many MPs take to be Twitter's evasiveness over how its platform may have been used to influence the UK's Brexit vote. Facebook reports its introspective conclusion that Russian "agents" were found behind one-hundred-twenty-nine promoted events during the election cycle.

Dutch intelligence services are reported to have penetrated Cozy Bear before the FSB threat actor hit the US Democratic National Committee. They shared warnings with their American colleagues.

Symantec, SAP, and McAfee are reported to have submitted source code for inspection by Russian security organs. Such inspection was apparently a precondition for doing business in Russia.

Cylance is proud to be the CyberWire sustaining sponsor for 2018. Learn more about how Cylance prevents cyberattacks at cylance.com.

Today's edition of the CyberWire reports events affecting Australia, Austria, China, Egypt, European Union, India, Indonesia, Netherlands, Pakistan, Russia, Solomon Islands, Thailand, Turkey, United Kingdom, United States, and Vietnam.

Is your security team equipped to make the very best tactical decisions?

Conducting business in another country and need to know more about international business laws? Want to know some of the biggest threats to the 2018 Winter Olympics or North Korea’s cyber capabilities? You need finished intelligence…from the experts. Join LookingGlass’ Sr. Director of Investigation and Analysis, Olga Polishchuk, and Jonathan Tomek, Sr. Director of Research, on February 20 @ 2PM ET, as they discuss what your security team needs to make more effective business decisions.

On the Podcast

In today's podcast, we speak with our partners at CenturyLink, as Dale Drew gives us his take on what to expect in cybersecurity during 2018. Our guest is Stacey Higginbotham, host of the Internet of Things Podcast, and we chat with her about IoT security.

And later today, around noon Baltimore time, our special 2018 predictions issue will be up, featuring discussions with such seasoned cyber security experts as Nate Beach-Westmoreland (Head of Strategic Threat Intelligence at Booz Allen's Cyber4Sight), Christopher Porter (Chief Intelligence Strategist at FireEye), and Caleb Barlow (Vice President Threat Intelligence at IBM Security).


Sponsored Events

Cyber Security Summits: February 13 in Silicon Valley & February 28 in Atlanta (Silicon Valley, California, USA, February 13, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the FBI, Darktrace, IBM and more. Register with promo code cyberwire50 for half off your admission (regular price $350). https://CyberSummitUSA.com

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Hackers hit over 15 million users with new XMRig Monero cryptocurrency mining campaign (International Business Times UK) The campaign involved hackers making use of the URL shortener Bitly to trick victims into clicking on malicious ads.

Malware Epidemic: Monero Mining Campaigns Are Becoming a Real Problem (BleepingComputer) Malware that secretly mines Monero is becoming a real problem in the real world, with the number of different incidents growing with each week. For example, only this past week, three new attacks came to light.

Rise in cryptomining malware impacts organizations worldwide (Help Net Security) Cybercriminals are increasingly turning to cryptomining malware to develop illegal revenue streams, while ransomware and malvertising adware continue to impact organizations worldwide.

Cryptominers halting businesses in 'smash and grab attacks' (SC Media US) A recent uptick in cyberattacks on organizations using cryptocurrency-mining tools suggest a trend of cybercriminals using cryptominers for more disruptive and destructive attacks.

Cryptomining: Harmless Nuisance or Disruptive Threat? (CrowdStrike) Cryptocurrency mining is legal, but fraudulently compromising systems is not. Learn about this new threat from CrowdStrike® experts.

What is Lebal? New sophisticated malware found targeting several universities, government agencies (International Business Times UK) Researchers said the phishing attack included multiple layers designed to dupe even security vigilant users.

Dridex Banking Trojan Phishing Campaign Ties To Necurs (Information Security Buzz) It’s being reported that the operators of the venerable Necurs botnet appear to be up to their old tricks, including targeting victims with a variety of phishing campaigns designed to infect them with banking malware, ransomware and cryptocurrency fever as well as to generate profits via dating website referrals. Andy Norton, Director of Threat Intelligence at Lastline commented below. …

Hacker steals US$440K in 'easily avoidable' digital currency breach (Security Brief) A hacker hijacked Black Wallet to steal around $440,000 from Bitcoin rival Stellar Lumen - High Tech Bridge's CEO says it was simple to prevent.

Industrial Safety Systems in the Bullseye (Dark Reading) TRITON/TRISIS attack on Schneider Electric plant safety systems could be re-purposed in future attacks, experts say.

Vulnerable industrial controls directly connected to Internet? Why not? (Ars Technica) Even some devices with patches available are connected to the naked Internet.

You are not alone: Facebook and Instagram are down for many (HackRead) You are not alone, Facebook is down for many around the world, especially in Europe, the United States, India, Pakistan and South America.

You are not alone: Netflix is down for many and slow for some (HackRead) You are not alone, Netflix is down for many, while for some users in Europe the service is slow to load.

Fraudster almost got $900K from Harris County (Houston Chronicle) Federal and local law enforcement are investigating the attempted theft of nearly $900,000 from Harris County by someone posing as a contractor doing repairs after Hurricane Harvey.

Harris County tightens cybersecurity after almost losing $900K in phishing attack (Houston Chronicle) Harris County almost lost $900,000 in a phishing attack. Now, with the FBI investigating it and similar attacks on governments, the county is looking at ways to tighten its cybersecurity.

Allscripts recovering from ransomware attack that has kept key tools offline (CSO Online) Allscripts, the billion-dollar electronic health record (EHR) company headquartered in Chicago, IL said they were still working to recover from a ransomware attack that left several applications offline after data centers in Raleigh and Charlotte, NC were infected on Thursday.

Maersk Reinstalled 45,000 PCs and 4,000 Servers to Recover From NotPetya Attack (BleepingComputer) The world's largest container shipping company, A.P. Møller-Maersk, said it recovered from the NotPetya ransomware incident by reinstalling over 4,000 servers, 45,000 PCs, and 2,500 applications over the course of ten days in late June and early July 2017.

Security Patches, Mitigations, and Software Updates

Information Disclosure, DoS Flaws Patched in libcurl (SecurityWeek.Com) Information disclosure and DoS vulnerabilities have been patched in libcurl, a multiprotocol data transfer library used by many major companies.

ASUS Patches Root Command Execution Flaws Haunting Over a Dozen Router Models (Threatpost) ASUS patched a bug that allowed attackers to pair two vulnerabilities to gain direct router access and execute commands as root.

Mastercard to Implement Biometrics for In-Store Card Payments (Infosecurity Magazine) Consumers will be able to identify themselves with fingerprints or facial recognition when they shop and pay with Mastercard.

Facebook, Microsoft announce new privacy tools to comply with GDPR (Help Net Security) In four months the EU General Data Protection Regulation (GDPR) comes into force, and companies are racing against time to comply with the new rules and avoid being brutally fined if they fail to do so.

This month's Windows and Office security patches: Bugs and solutions (Computerworld) In spite of a whiplash patch/re-patch/re-re-patch cycle earlier this month, all is not doom and gloom. There've been a few actual fixes, too.

Cyber Trends

2018 Thales Data Threat Report - Global Edition | Data Security and Encryption Trends and Data Breach Statistics (Thales e-Security) The 2018 Thales Data Threat Report - Global Edition discusses the most recent trends in encryption and data security.

Businesses must be aware of IoT risks, says Databarracks (BusinessCloud) New data reveals that only 27 per cent of organisations have policies in place to protect against Internet of Things threats.

Malware Tactics Shifted (Infosecurity Magazine) Last year saw a distinct divergence in the types of attacks against businesses from attacks against consumers, Malwarebytes said.

Cyber attacks surge, ransomware leading the way (Help Net Security) The Online Trust Alliance (OTA) found that cyber incidents targeting businesses nearly doubled from 82,000 in 2016 to 159,700 in 2017.

Good privacy is good for business, so pay attention (Help Net Security) Data privacy concerns are causing significant sales cycle delays for up to 65 percent of businesses worldwide, according to findings in the new Cisco 2018

Marketplace

Tech firms let Russia probe software widely used by U.S. government (Reuters) Major global technology providers SAP, Symantec and McAfee have allowed Russian authorities to hunt for vulnerabilities in software deeply embedded across the U.S. government, a Reuters investigation has found.

Tech security giants McAfee, Symantec and Sap let Russia inspect software (Times) Russia has been allowed to delve into the inner workings of security software used by the US military and spy agencies and British industry. A Russian defence agency was allowed by the antivirus...

SAP, McAfee, Symantec let Russia review code (CNET) Security software firms let Russia look for flaws in their products, Reuters says. That's a concern for the US.

Software spying scandal is just the tip of the iceberg (Times) Would you hand your house keys to a private security company, giving its employees the right to see anything you do in your home, sort through your belongings and open your post? Put like that, the...

What is creating confusion in the cyber insurance market? (Canadian Underwriter) The lack of understanding around what is covered and how products are priced continues to sow confusion in the cyber insurance market. Robin Shufelt, assistant vice president of technology and cyber with The Sovereign General Insurance Company (a member of…

Cyber VC firm backed by ex-intelligence chiefs plans European deals (Reuters) A venture capital fund advised by former British and U.S. intelligence officials is planning a string of acquisitions to create a pan-European cyber security specialist.

Dell Technologies Considering IPO, Other Options, Sources Say (Bloomberg.com) Dell Technologies is considering strategic options including a public stock offering, according to people familiar with the matter, as the corporate-technology company seeks ways to boost revenue and raise funds.

Raytheon Execs Defend Forcepoint, Promise Growth (Aviation Week) Wall Street analysts peppered Raytheon Chairman and CEO Tom Kennedy and CFO Toby O’Brien with questions Jan. 25 after subsidiary Forcepoint reported a loss of $8 million in the fourth quarter of 2017.

Xconomy: Columbia Spinout Allure Security Bags $5.3M to Guard Business Data (Xconomy) Allure Security Technology, a Boston-area cybersecurity startup with roots at Columbia University, announced Thursday it has raised $5.3 million in seed funding...

3 Cybersecurity Stocks to Look at in 2018 (Madison) The cybersecurity industry saw impressive growth last year as corporations scrambled to get their houses in order following a series of serious breaches throughout the year. For example, the economic

The DNC’s New Chief Security Officer Knows All About Crisis (WIRED) At Yahoo, Bob Lord led the response to two massive cyberattacks. Now he's bringing that know-how to the Democratic National Committee.

Products, Services, and Solutions

New infosec products of the week: January 26, 2018 (Help Net Security) This week's featured infosec products are releases from the following vendors: Carbon Black, Exabeam, Fidelis Cybersecurity, Proxmox, Tripwire, Zyxel Communications.

DigiCert Certificates Will Be Publicly Logged Starting Feb. 1 (DigiCert) Starting February 1, 2018 DigiCert will submit all newly issued and publicly trusted SSL certificates to Certificate Transparency (CT) logs by default.

Forum Systems Advances Industry-leading API Security Gateway Technology (Forum Systems) Company’s award-winning Forum Sentry drives secure Amazon Elastic Compute Cloud deployments.

Japanese insurers pair with Verizon to gauge cyberattack risks (Nikkei Asian Review) Japan's Mitsui Sumitomo Insurance and Aioi Nissay Dowa Insurance are teaming up with Verizon Communications of the U.S. to launch a risk asse

Fidelis Boosts Cyber-Security With Intelligent Deception Module (eWEEK) Fidelis advances its Elevate platform with deception capabilities to enable a broader Automated Detection and Response offering.

Cozy is building a personal cloud service that respects your privacy (TechCrunch) Meet Cozy, a French startup that wants to completely rethink how cloud services work. The startup first launched a Dropbox-like competitor to store,..

A Deep Learning Approach for Detecting Unknown Malware (Datanami) All of the major antivirus vendors at this point are moving towards machine learning approaches to keep up with the evolving threat landscape. That's the g

Comodo calls out Symantec certificate issues, applauds Google (SearchSecurity) Comodo CA's new leadership team discusses the Symantec certificate issues brought to light by Google and the opportunity they've created for Comodo.

Carahsoft to Resell Secureworks Threat Intell Products, Services to Public Sector (ExecutiveBiz) Carahsoft and Dell Technologies’ Secureworks subsidiary have partnered to offer a suite of threat intelligence products and services to the public sector through government contract acquisition vehicles. Secureworks said Wednesday its offerings are designed to help organizations avoid breaches and are now available to agencies through Carahsoft’s positions on the General Services Administration Schedule 70 and NASA’s Solutions Enterprise-Wide Procurement contract. Carahsoft...

Technologies, Techniques, and Standards

Encrypt Before Sending, and Why Encryption Matters (Northrop Grumman) To encrypt a message is to convert it into a form that only authorized recipients can understand, even if it falls into unauthorized hands.

Cutting Through the Confusion on Threat Intelligence Feeds and Platforms (Security Week) Over the next five years, the threat intelligence market is predicted to grow more than 18% a year and reach nearly $9 billion by 2022.

War without the internet? Commandant says Marines need to revive old-style comms (Marine Corps Times) Marines also will need to start conducting training with the internet off, he said.

Design and Innovation

Even Years Away From Full Adoption, Blockchain Disruption Is Already Here (New York Law Journal) Cardozo School of Law’s Aaron Wright discusses how blockchain's development may mimic that of the World Wide Web, and what attorneys get wrong about smart contracts.

Research and Development

Center for Long-Term Cybersecurity Announces 2018 Research Grantees (CLTC) The UC Berkeley Center for Long-Term Cybersecurity (CLTC) is proud to announce the recipients of our 2018 research grants. In total, 37 different groups of researchers will share a total of over $1 million in funding to support a broad range of initiatives related to cybersecurity and other emerging issues at the intersection of technology and society.

Legislation, Policy, and Regulation

Australia takes over Solomon Islands internet cable amid spies' concerns about China (The Sydney Morning Herald) Australia's spy agencies were so concerned about the security and strategic risks posed by a plan for Chinese firm Huawei to build an internet cable linking the Solomon Islands to Sydney that the Turnbull government will now largely pay for the project itself.

Paranoia will destroy you: Why Chinese tech isn't spying on us (ZDNet) The notion that the Chinese government would spy on corporations and our agencies with electronic devices manufactured by Chinese companies is not only absurd but would be catastrophic to furthering their ambitions in world trade.

Centre to soon set up exclusive cyber response team for financial institutions (The Hindu Business Line) IT Secretary Sawhney says CERT-In has prepared a detailed report on the same.

Perspective | How to fight mass surveillance even though Congress just reauthorized it (Washington Post) What the battle looks like after Section 702's reauthorization.

Litigation, Investigation, and Law Enforcement

Allscripts hit with a class-action lawsuit one week after ransomware attack (Fierce Healthcare) Barely a week after it was struck by a ransomware attack, Allscripts is facing a lawsuit alleging the company failed to adequately protect its systems.

US lawmakers press AMD, Apple, Intel, Microsoft and more over Meltdown and Spectre security embargo (Inquirer) Four Republican lawmakers reckon they have ways of making big tech firms talk.

The Hawaii Employee Who Sent The False Missile Alert Is Refusing To Cooperate With The Investigation (BuzzFeed) An official with the Federal Communications Commission said in a US Senate hearing on Thursday that they were disappointed the employee was refusing to cooperate.

Dutch intelligence reportedly hacked Russian election hackers in 2014 (TechCrunch) As if the story of the 2016 election and associated cyberattacks wasn't already complicated enough, new information now suggests that Dutch intelligence has..

Dutch revealed to US details of Russian hackers linked to DNC hack (The Sydney Morning Herald) The Dutch intelligence agency AIVD spied on the Russian group believed to be behind the hack of the Democratic Party ahead of US elections.

The Dutch intelligence services played an important role in the current FBI investigation into Russian influence on the American elections... (garethevans0108's Blog) The Dutch services have had unique access for at least one and a maximum of two and a half years to a group of Russian hackers who, according to Western intelligence services, were commissioned by …

Twitter accused of dodging Brexit botnet questions again (TechCrunch) Once again Twitter stands accused of dodging questions from a parliamentary committee that's investigating Russian bot activity during the UK's 2016 Brexit..

Facebook: Russian agents created 129 U.S. election events (Reuters) Facebook Inc said Russian agents created 129 events on the social media network during the 2016 U.S. election campaign, according to testimony to Congress, shedding more light on Russia's purported disinformation drive aimed at voters.

Defiant Republicans ready to send secret Russia memo to Trump (POLITICO) A review of the House Intelligence Committee's 13 GOP members shows firm support for what a top Justice Department official calls an "extraordinarily reckless" move.

As walls close in on FBI, the bureau lashes out at its antagonists (TheHill) The bureau's advocates are strangely uncurious about alleged improprieties with implications of the worst kind: Stasi-like tactics used against Americans.

The FBI’s Missing Texts (Wall Street Journal) More reasons to question the bureau’s 2016 election actions.

Facebook’s least favorite Austrian can now press privacy suit in Vienna (TechCrunch) A big blow for Facebook today after Europe's top court delivered a verdict in a long-running legal challenge that opens the door for plaintiff and privacy..

The Cynical Misdirection Behind #ReleaseTheMemo (WIRED) Congressman Devin Nunes has fired up his fellow Republicans over a mysterious memo, taking advantage of a secretive legal process to sow confusion.

Oxygen Forensics Works to Fight Domestic and International Child Exploitation; Partners with Project VIC (Oxygen Forensics) Oxygen Forensics, a worldwide developer and provider of advanced forensic data examination tools for mobile devices, drones and cloud services, today announced that it is partnering and integrating its product and technology with Project VIC.

With Google, Bitcoins, and USPS, Feds realize it’s stupid easy to buy fentanyl (Ars Technica) Simple search led investigators to sales of $766 million worth of fentanyl.

Your Sloppy Bitcoin Drug Deals Will Haunt You For Years (WIRED) Scouring the blockchain, researchers found years-old evidence tying Silk Road transaction to users' public accounts.

FCC schedules meeting to address prison cellphone issues (Federal Times) The agency is making good on Chairman Ajit Pai’s October pledge to U.S. Rep. David Kustoff that he would set up the meeting to address cellphones in the hands of inmates.

The Mexican Border-Crossing App That Suddenly Disappeared (Motherboard) “What would stop Border Patrol agents from signing up for this also?”

Jail for man who hacked 1,000 student email accounts in search for sexually explicit images (WeLiveSecurity) A poorly-secured password reset utility allowed a man to access more than 1,000 email accounts at a New York City-area university in a hunt for sexually explicit photographs and videos.

Cyber Events

For a complete running list of events, please visit the event tracker on the CyberWire website.

Cyber Security Summit - CYBERWIRE50

Newly Noted Events

Cyber Security Summit: Silicon Valley (San Jose, California, USA, February 13, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders from the FBI, Darktrace, @RISK Technologies and more. Engage in panel discussions focusing on trending cyber topics including Emerging Threats to IoT & Big Data, Insider Threats, and Compliance. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Upcoming Events

CyberUSA (San Antonio, Texas, USA, January 29 - 30, 2018) The CyberUSA Conference will be held in San Antonio, TX at the Henry B. Gonzalez Convention Center on Tuesday, January 30, 2018. A welcome reception will be held on the evening of Monday, January 29, 2018. This one-day event will bring the cyber community together to collaborate on the mission purpose of establishing innovation, education, workforce development, enhanced cyber readiness, and resilience.

Legal CIO (New York, New York, USA, January 31 - February 1, 2018) LegalCIO, formerly the Law Firm Chief Information and Technology Officers Forum, combines cutting-edge updates on legal technologies with the chance to exchange practical guidance and discuss daily challenges with peers. The event will focus on the most relevant opportunities and challenges impacting today’s law firm information, technology and knowledge management professionals.

Women in Data Protection, Securing Medical Devices and Health Records (Washington, DC, USA, February 9, 2018) Join some of the top cyber and privacy professionals as they talk about the landscape of the medical device and electronic health records market. They will also talk about the dangers to patients' health and personal information, if or when their devices or EHR is breached by a hacker or inadvertently exposed by providers and staff.

Security Titans (Scottsdale, Arizona, USA, February 23, 2018) Security Titans is a ground-breaking event, bringing the biggest names in Information Security together - all in one day, on a single stage to give the nation's cyber security industry access to the very best InfoSec thought leadership in one, focused event. Keynote speakers Kevin Mitnick, the first computer hacker to make the FBI’s Most Wanted list, and Frank Abagnale, a hacker turned security consultant whose life was the inspiration for the film Catch Me If You Can, will share secrets from their hacking days.

European Cybersecurity Forum – CYBERSEC Brussels (Brussels, Belgium, February 27, 2018) CYBERSEC Forum is a unique opportunity to meet and discuss the current issues of cyber disruption and the ever-changing landscape of cybersecurity-related threats. Our mission is to foster the building of a Europe-wide cybersecurity system and to create a dedicated, collaborative platform for governments, international organisations and key private sector companies.

Insider Threat Program Management With Legal Guidance Training Course (Herndon, Virginia, USA, March 6 - 7, 2018) The course will cover current regulations like the National Insider Threat Policy (NITP) and NISPOM Conforming Change 2, and more. The course will provide the ITP Manager and Facility Security Officer with the knowledge and resources to develop, manage, or enhance an ITP. The course will help not only organizations required to maintain and submit an ITP, but any business or organization concerned with Insider Threat Risk Mitigation. Insider Threat Defense has trained over 500 organizations and has become the "Leader-Go To Company" for ITP Management Training.

SINET ITSEF 2018 (Silicon Valley, California, USA, March 7 - 8, 2018) Bridging the gap between Silicon Valley and the Beltway. SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on identifying solutions to Cybersecurity challenges.

THE CYBERWIRE
Compiled and published by the CyberWire editorial staff. Views and assertions in source articles are those of the authors, not the CyberWire, Inc.