Palo Alto's Unit 42 thinks the Sofacy Group is quietly changing its tactics. Sofacy (a.k.a. Fancy Bear, Pawn Storm, Sednit, or Tsar Team), generally regarded as belonging to Russia's GRU, had tended to prospect a small number of selected individuals within a targeted organization, and to use the same exploits and malware against those individuals. For all of Fancy Bear's reputation for being noisy, this is a relatively unobtrusive approach. Now Unit 42 sees the group adopting "parallel attacks," a shotgun approach aimed at many more individuals at once, with a more diversified set of exploits and malware, presumably to achieve higher infection rates.
Intezer researchers say they've found a backdoor in the wild that's based on Hacking Team tools.
Guardicore Labs describes Operation Prowli, a campaign that manipulates traffic and mines cryptocurrencies. There are roughly 40 thousand infected machines in a wide range of organizations and sectors.
VPNFilter is not only attempting to reconstitute its botnet of routers, but it's now been found to infect more models than it had formerly captured. Cisco's Talos unit has found infestations in ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE devices.
Retailers pull CloudPets from their physical and virtual shelves. The plush toys share audio messages through the cloud, which is fine in itself, but those messages sat in a MongoDB database that was left exposed without authentication.
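The CloudPets exposure is a configuration problem before it is anything else: a database listening on every interface with authorization never switched on. The following is an added example, not code from this briefing or from any vendor it mentions. It parses the small subset of YAML that mongod.conf uses (nested mappings, scalar values, comments) and flags the two settings that most often turn a database into an open server. Both configuration files are constructed for the demonstration; the default values assumed in the comments are those of mongod 3.6 and later.

```python
"""Audit a mongod.conf for the settings behind the classic 'open MongoDB' exposure.

Added example. The two config texts below are constructed, not taken from any
real deployment.
"""

# Constructed example: the shape of a config that leaves the database open.
SAMPLE_WEAK_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0        # reachable from every interface
# no security section at all: authorization defaults to disabled
"""

# Constructed example: the same server with the two settings corrected.
SAMPLE_HARDENED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1,::1  # loopback only; put a firewall in front if remote access is needed
security:
  authorization: enabled
"""


def parse_mongod_conf(text):
    """Parse the indentation-based mapping subset of YAML that mongod.conf uses.

    Handles nested mappings, 'key: value' scalars and '#' comments. It does not
    handle lists, multi-line strings or quoted '#' characters, which mongod
    configs rarely contain.
    """
    root = {}
    stack = [(-1, root)]  # (indent level, mapping being filled)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        key, _, value = line.strip().partition(":")
        value = value.strip()
        # Leave any mapping that is not an ancestor of this line.
        while indent <= stack[-1][0]:
            stack.pop()
        parent = stack[-1][1]
        if value == "":
            child = {}
            parent[key] = child
            stack.append((indent, child))
        else:
            parent[key] = value.strip("\"'")
    return root


def audit(conf):
    """Return a list of findings; an empty list means the two checks passed."""
    findings = []

    # Assumption documented here: with no 'security' section, mongod runs
    # without access control, so the absence of the key is itself a finding.
    security = conf.get("security", {})
    if str(security.get("authorization", "disabled")).lower() != "enabled":
        findings.append(
            "security.authorization is not 'enabled': any client that can reach "
            "the port can read and write every collection"
        )

    # mongod 3.6+ binds to localhost by default; 0.0.0.0, '::' or
    # bindIpAll: true expose the listener to every interface.
    net = conf.get("net", {})
    bind_addrs = {a.strip() for a in str(net.get("bindIp", "localhost")).split(",")}
    listens_everywhere = (
        str(net.get("bindIpAll", "false")).lower() == "true"
        or "0.0.0.0" in bind_addrs
        or "::" in bind_addrs
    )
    if listens_everywhere:
        findings.append(
            "net.bindIp listens on all interfaces: combined with missing "
            "authorization this is the exposed-database pattern"
        )
    return findings


if __name__ == "__main__":
    for label, text in (("weak", SAMPLE_WEAK_CONF), ("hardened", SAMPLE_HARDENED_CONF)):
        print(f"{label}:")
        for finding in audit(parse_mongod_conf(text)) or ["no findings"]:
            print("  -", finding)
```

Run it against a real `/etc/mongod.conf` by reading the file into `parse_mongod_conf`; both checks have to pass together, since authorization on a server bound to 0.0.0.0 still leaves the listener scannable, and loopback-only binding without authorization still trusts every local process.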
Seeking to return to American good graces, ZTE pays a $1 billion fine and replaces its leadership.
The US Senate wants answers from both Facebook and Google about data-sharing with Huawei.
$8.76 million: The average yearly cost of insider threats. Get the report.
Insider threat incidents come with a hefty price tag, according to the “2018 Cost of Insider Threats: Global Organizations” report released by independent research group, The Ponemon Institute. Make sure that you understand the full context (and cost) of these threats by downloading the full report. Get your copy today.
8th Annual (ISC)2 Security Congress(New Orleans, Louisiana, United States, October 8 - 10, 2018) The (ISC)2 Security Congress brings together the sharpest minds in cyber and information security for over 100 educational sessions covering 17 tracks. Join us to learn from the experts, share best practices, and make invaluable connections. Your all-access conference pass includes educational sessions, workshops, keynotes, networking events, career coaching, expo hall and pre-conference training. Save your seat at congress.isc2.org.
Sofacy APT Has Subtly Changed Tactics(BleepingComputer) A well-known Russian cyber-espionage group has subtly changed its modus operandi, moving to what security researchers from Palo Alto Networks are calling "parallel attacks."
Sofacy Group’s Parallel Attacks(Palo Alto Networks Blog) Unit 42’s continued look at the Sofacy Group’s activity reveals the persistent targeting of government, diplomatic and other strategic organizations across North America and Europe.
New Backdoor Based on Hacking Team Tool(ISS Source) A new backdoor created by the Iron attack group has infected at least 2,000 victims so far, researchers said. The backdoor source code comes from the Hacking Team.
New KillDisk Variant Hits Latin American Financial Organizations Again(TrendLabs Security Intelligence Blog) Last May, we uncovered a master boot record (MBR)-wiping malware in the same region. The telltale sign was a problem related to the affected machine’s boot sector. Based on the error message it displayed after our tests, we were able to ascertain that this was another — possibly new — variant of KillDisk.
Further Down the Trello Rabbit Hole(KrebsOnSecurity) Last month’s story about organizations exposing passwords and other sensitive data via collaborative online spaces at Trello.com only scratched the surface of the problem.
Atlanta officials reveal worsening effects of cyber attack(Reuters) The Atlanta cyber attack has had a more serious impact on the city's ability to deliver basic services than previously understood, a city official said at a public meeting on Wednesday, as she proposed an additional $9.5 million to help pay for recovery costs.
Fake lotteries trying to use FIFA World Cup fever to scam people(WeLiveSecurity) The FIFA World Cup is fast approaching and anticipation for the event in Russia is increasing as the countdown continues to kick off on June 14. Unfortunately, the amount of fake lotteries and giveaways trying to abuse the event is also on the rise.
Security Patches, Mitigations, and Software Updates
Cisco Releases Security Updates for Multiple Products(US-CERT) Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:
Are We Headed for a 'Cyber Cuban Missile Crisis' with Russia?(The Cipher Brief) Bottom Line: The risk posed to U.S. national security by what are believed to be Russian-backed hacking groups is similar to the October 1962 Cuban Missile Crisis, according to Cipher Brief Experts, but different in that the U.S. has no clear and obvious deterrent this time around. Recent Developments: The FBI recently forced its way …
Ransomware is #1 for Cyberinsurance claims!(National Law Review) HealthITSecurity.com reported that more “…than one-quarter of cyber insurance claims received by AIG last year were the result of ransomware attacks, the largest percentage of any cyberattack type, according to the insurance giant’s 2017 cyber insurance claim statistics.”
The Critical Need to Improve Compliance Processes(KnowBe4) Depending upon one’s perspective, compliance activities are either a fortunate fact of life for most organizations because they can minimize the risk associated with running afoul of various governmental and best practice obligations; or they’re an unfortunate part of doing business because of the cost and effort required to manage them properly.
The Exabeam 2018 State of the SOC Report(Exabeam) The Exabeam 2018 State of the SOC Report is based on the results of an April 2018 survey of US and UK security professionals who are involved in the management of Security Operations Centers (SOC) across CISO, CIO, analyst, and management roles.
Some 37 percent of devices in Armenia exposed to infection attempts (ARKA Telecom) About 37% of devices used by Internet users in Armenia in January, February and March 2018 faced attempts of infection with malicious software, making Armenia the 7th country in this respect, according to the data of Kaspersky Lab, obtained with the help of Kaspersky Security Network (KSN).
Chinese phone maker ZTE saved from brink after deal with U.S.(Reuters) U.S. Commerce Secretary Wilbur Ross said on Thursday the government has reached a deal with ZTE Corp that reverses a ban on its buying parts from U.S. suppliers, allowing China's No. 2 telecommunications equipment maker to get back into business.
CounterTack Buys GoSecure to Take On CrowdStrike, Carbon Black(Channel Partners) CounterTack said its acquisition of GoSecure expands its previous partnership with the company into an MDR platform-as-a-service for its domestic and international customers, and it will enhance its offerings for enterprises of all sizes, whether deployed on-premises, hosted or managed in the cloud.
Why creativity is key to security(Help Net Security) Security teams are under tremendous pressure today, and are often not thought of as innovative or creative. Yet that’s precisely what needs to happen.
Balancing Modernization and Cybersecurity(MeriTalk) The digital transformation in government IT is driving modernization but also expanding the attack surface Federal agencies have to protect. The traditional perimeter no longer exists. Today, there is no “inside” or “outside” the network when it comes to detecting, defending, and deterring cyber attacks.
Six years since World IPv6 Launch: entering the majority phases(Security Boulevard) As reported in an ISOC report last year, IPv6 adoption is now solidly in the "early majority phase" of the technology adoption life cycle by many metrics (well past "innovators" and "early adopters"), with progress beyond that in some areas....
Blocking facial recognition surveillance using AI(Naked Security) If AI is increasingly able to recognise and classify faces, then the only way to counter this creeping surveillance is to use another AI to defeat it. Thanks to the University of Toronto, this may …
Virginia Tech team tops in cyber capture-the-flag (VT News) Seven computer engineering students took first place in MITRE’s Embedded Capture-the-Flag contest, which tasked them with designing a secure ATM banking system and then attacking the designs of 10 other universities.
ZTE fined $1 billion(TechCrunch) After much negotiation with the Trump Administration, Secretary of Commerce Wilbur Ross confirmed this morning that ZTE, the Chinese telecommunications giant, has agreed to a $1 billion fine. That penalty was assessed following an investigation showing that ZTE had violated U.S. sanctions by sellin…
House panel votes down measure to force DHS to detail ZTE threat(TheHill) The House Homeland Security Committee on Wednesday voted down a Democratic resolution that would have forced the Department of Homeland Security (DHS) to provide lawmakers with more information about the threat posed by Chinese telecommunications firm ZTE.
The sweeping surveillance of American lives(Orange County Register) Civil liberties groups are correctly demanding the release of more information on a reported surge in U.S. call records collected by the National Security Agency.
ZTE Pays $1 Billion Fine in Settlement With U.S.(Wall Street Journal) The U.S. and China have reached a deal that will allow telecom company ZTE to continue to do business, requiring it to pay a $1 billion fine and place U.S. enforcement officers in the company to monitor its actions.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Health Cybersecurity Summit 2018(Santa Clara, California, USA, July 20, 2018) Worried about being hacked? Not sure how to respond to a cyber incursion? The first line of defense is a cyber threat preparedness strategy that includes coordination with critical infrastructure and emergency...
SINET Innovation Summit 2018(New York, New York, USA, June 7, 2018) Connecting Wall Street, Silicon Valley and the Beltway. SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration...
CYCON: Cyber for the Community(Reston, Virginia, USA, June 9, 2018) Join us for a day of Cyber Security talks on privacy, lock picking, the Dark Web, cyber education, building attack machines, phishing attacks, malware analysis, Internet of Things security, threat monitoring...
Transport Security and Safety Expo(Washington, DC, USA, June 11 - 12, 2018) Security incidents are expected to cost the world $6 trillion annually by 2021, making now the time to find out more at the 2018 Transport Security and Safety Expo. The transportation industry is rapidly...
Transport Security & Safety Expo(Washington, DC, USA, June 11 - 12, 2018) The conference is devoted to the challenges and opportunities surrounding ensuring the safety and security of passengers and cargo in the digital age.
Dynamic Connections 2018(Palm Springs, California, USA, June 12 - 14, 2018) Together with you, our customers and partners, we’ll come together for 2 ½ days to learn, explore and create the possible at Dynamic Connections 2018 (DC18). To get ahead of the most critical, most pervasive...
Norwich University Cyber Security Summit(Northfield, Vermont, USA, June 18 - 20, 2018) Norwich University’s College of Graduate and Continuing Studies (CGCS) is pleased to announce the second annual Cyber Security Summit in June 2018. The summit, presented in a continuing education format,...
GovSummit(Washington, DC, USA, June 27 - 28, 2018) GovSummit -- the government security conference hosted annually by the Security Industry Association -- brings together government security leaders with private industry technologists for top-quality information...
The Cyber Security Summit: DC Metro(Tysons Corner, Virginia, USA, June 28, 2018) Learn from cyber security experts from The U.S. Department of Justice, The NSA, Pulse Secure, CenturyLink and more as they brief you on the latest security threats facing your business. This event is...
Impact Optimize2018(Rosemont, Illinois, USA, June 28, 2018) Impact Optimize2018, the first-ever IT and Business Security Summit hosted by Impact, will provide attendees with actionable steps that enable the betterment of information, network and cybersecurity.
Nuclear Asset Information Monitoring and Maintenance(Warrington, England, UK, July 3 - 4, 2018) On July 3rd and 4th in Warrington United Kingdom, nuclear industry leaders will meet for the IoE Events Nuclear Asset Information, Monitoring and Maintenance conference to further develop the sector’s...
The Cyber Security Summit: Seattle(Seattle, Washington, USA, July 19, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.
Cyber Security Summit 2018(Newport, Rhode Island, USA, July 18 - 20, 2018) Join us for Opal Group’s Cyber Security Summit – set in Newport, RI, this premier event will gather C-Level & Senior Executives responsible for defending their companies’ critical infrastructures together...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.