
Authentic8 Silo - The fastest and easiest way to conduct online investigations.

SOC analysts who use a cloud browser can reduce the time spent investigating cases by more than 50%. Instead of wasting time spinning up a VDI or connecting to a jumpbox, get online in seconds with Silo, a secure cloud browser and egress from hundreds of points of presence around the world.

The Week that Was.

BEC and ransomware.

Business email compromise attacks appear to be rising, at least in terms of the losses being reported (Help Net Security). So too are ransomware attacks, especially against US municipal governments (Wall Street Journal). These enterprises are often poorly secured, and the lasting damage done to the City of Atlanta has put the fear of hackers into them.

Find out what midsized enterprises are doing right to hit the cybersecurity “sweet spot.”

Despite having bigger budgets and greater resources, large enterprises aren't better protected from cyberattacks than are their smaller counterparts. The sweet spot for cybersecurity is found among midsized businesses, which testing finds performed best at protecting their assets and mitigating their security risks. That's the conclusion of Coalfire's inaugural Coalfire Penetration Risk Report, based on more than 300 penetration tests in 148 companies worldwide. Download the report to gather data-driven insights and make informed decisions based on Coalfire's innovative analysis.

Ransomware protection racket has no actual ransomware.

Scammers are demanding protection money in advance, threatening prospective victims with a WannaCry infection and loss of data if they don't pay. Anyone receiving this email should ignore it. The senders have no ransomware; it's a pure scam (Naked Security). The crooks are pursuing an interesting demographic: people well-informed enough to know about WannaCry, but sufficiently unsure of themselves to be frightened into paying.

CyberSecJobs knows employers looking for your cyber expertise.

CyberSecJobs.com offers opportunities for ethical hackers, intrusion analysts, malware analysts, crypto architects and more to defend critical infrastructure. These jobs are available at various locations across the United States. For more information, visit cybersecjobs.com, and explore your future.

Hacking back. Or not.

FireEye denies a report that Mandiant's investigation of Chinese cyberespionage outfit APT1 involved hacking back. David Sanger's book, The Perfect Weapon, reports that Mandiant hacked into APT1's computers and gained access to the cameras on the attackers' laptops. Mandiant, now a unit of FireEye, was an independent company at the time of the investigation (Bleeping Computer). FireEye says the author mistook recordings of the attackers' RDP sessions, captured on victim networks that Mandiant was monitoring with the owners' consent, for live video from the attackers' own machines (Register). FireEye offers its comments in a spirit of clarification, and the book's author says the explanation strikes him as reasonable (Fifth Domain).

Such animadversions aside, some leaders in the electrical power sector are warning prospective grid-hackers that they will indeed face cyber retaliation (E&E News). Just not from FireEye, probably.

2017 cyberattacks proved more numerous, sophisticated, and ruthless than in years past.

WannaCry, NotPetya, ransomware-as-a-service, and fileless attacks abounded. And that's not everything. The victims of cybercrime ranged from private businesses to the fundamental practices of democracy. Read the Cylance Threat Report: 2017 Year in Review and learn about the threat trends and malware families Cylance customers faced in 2017.

Ticketmaster hacked.

Ticketmaster UK suffered a hack involving a third-party customer-support chat widget (Threatpost), which it blames on JavaScript customized for it by the vendor Inbenta (SecurityWeek). Inbenta says its code was never intended to run on anything as sensitive as a payment page (Computing). The UK bank Monzo says it warned Ticketmaster of a suspicious pattern of card fraud in mid-April (TechCrunch). The incident is likely to become an important GDPR test case. It's also a reminder of a general point about third-party scripts: a script loaded into a page runs with the page's full access to the DOM, including whatever a customer types into a card form, so what's acceptable on a help page isn't acceptable at checkout.
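The general risk behind the Ticketmaster incident is a third-party script loaded into a payment page. What follows is an added example, not code from the article, from Ticketmaster or from Inbenta: a small Node.js audit that lists the scripts a checkout page loads, flags third-party scripts that aren't pinned with Subresource Integrity, and checks whether the page's Content-Security-Policy would allow each one at all. The page HTML, the origin tickets.example, the vendor hostnames and the CSP header are all constructed for illustration.

```javascript
// Added example: audit the scripts a checkout page loads.
// All inputs below (origin, HTML, CSP header) are constructed for illustration;
// none of it is Ticketmaster's or Inbenta's code.

const PAGE_ORIGIN = 'https://tickets.example';

const CHECKOUT_HTML = `
<html><head>
<script src="/static/checkout.js"></script>
<script src="https://chat.vendor-example.net/widget.js"></script>
<script src="https://cdn.vendor-example.net/lib.js"
        integrity="sha384-0000000000000000000000000000000000000000000000000000000000000000"
        crossorigin="anonymous"></script>
<script>window.checkoutConfig = { currency: "GBP" };</script>
</head><body><form id="payment"><input name="pan"></form></body></html>`;

// A policy that only trusts the page itself and one pinned vendor CDN.
const CSP_HEADER = "default-src 'self'; script-src 'self' https://cdn.vendor-example.net";

// Pull every <script> tag out of the HTML with its src and integrity attributes.
function extractScripts(html) {
  const scripts = [];
  const tagRe = /<script\b([^>]*)>/gi;
  const attrRe = /([\w-]+)\s*=\s*"([^"]*)"/g;
  let tag;
  while ((tag = tagRe.exec(html)) !== null) {
    const attrs = {};
    let attr;
    while ((attr = attrRe.exec(tag[1])) !== null) attrs[attr[1].toLowerCase()] = attr[2];
    scripts.push({ src: attrs.src || null, integrity: attrs.integrity || null });
  }
  return scripts;
}

// Parse "directive src src; directive src" into { directive: [sources] }.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name) policy[name.toLowerCase()] = sources;
  }
  return policy;
}

// Does one CSP source expression permit this URL? Handles 'self', '*',
// scheme-only sources and host sources with optional scheme, "*." wildcard
// and port. Nonces and hashes are not evaluated (keyword sources return false).
function sourceAllows(source, url, pageOrigin) {
  if (source === "'self'") return url.origin === pageOrigin;
  if (source.startsWith("'")) return false;
  if (source === '*') return true;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^\/:]+)(?::(\d+|\*))?/i.exec(source);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  if (scheme && scheme.toLowerCase() + ':' !== url.protocol) return false;
  const hostOk = wildcard ? url.hostname.endsWith('.' + host) : url.hostname === host;
  if (!hostOk) return false;
  const urlPort = url.port || (url.protocol === 'https:' ? '443' : '80');
  return !port || port === '*' || port === urlPort;
}

function cspAllowsScript(policy, url, pageOrigin) {
  const sources = policy['script-src'] || policy['default-src'];
  if (!sources) return true; // nothing governs scripts: everything is allowed
  return sources.some((s) => sourceAllows(s, url, pageOrigin));
}

// Returns one finding per script that needs attention.
function auditCheckoutPage(html, pageOrigin, cspHeader) {
  const policy = parseCsp(cspHeader);
  const scriptSources = policy['script-src'] || policy['default-src'] || [];
  const findings = [];
  for (const script of extractScripts(html)) {
    const issues = [];
    if (!script.src) {
      if (!scriptSources.includes("'unsafe-inline'")) issues.push('inline-script-needs-nonce-or-hash');
      if (issues.length) findings.push({ src: '(inline)', issues });
      continue;
    }
    const url = new URL(script.src, pageOrigin);
    if (url.origin !== pageOrigin && !script.integrity) issues.push('third-party-without-sri');
    if (!cspAllowsScript(policy, url, pageOrigin)) issues.push('blocked-by-csp');
    if (issues.length) findings.push({ src: url.href, issues });
  }
  return findings;
}

console.log(JSON.stringify(auditCheckoutPage(CHECKOUT_HTML, PAGE_ORIGIN, CSP_HEADER), null, 2));
```

Run against the constructed page, the audit reports two findings: the unpinned chat widget from a host the policy doesn't list (so the CSP would have blocked it before it ever ran on the payment page), and the inline configuration script, which needs a nonce or hash under a policy without 'unsafe-inline'. The same-origin checkout script and the vendor library that is both pinned with SRI and listed in script-src pass. The point is not that SRI alone would have saved Ticketmaster (a vendor can legitimately change its script, and an attacker who controls the vendor's build can ship a correctly-hashed malicious file) but that a payment page should have an enumerated, pinned, policy-enforced list of scripts, and a support widget normally has no business being on it.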

Obtain full visibility into your security team with Cybrary.

It’s easy to track, measure, improve and grow your security team with Cybrary’s business platform. Not only will your team have access to an expansive catalog of IT and Cyber Security learning resources, you can operate more efficiently with full visibility, without compromising company standards. Start your team's free training pilot today!

Marketing firm exposes terabytes of data.

Marketing and data aggregation firm Exactis inadvertently exposed dossiers on some 230 million Americans, most of the US adult population. The data include, says WIRED, "phone numbers, addresses, dates of birth, estimated income, number of children, age and gender of children, education level, credit rating, interests" and so on, along with religion and smoking habits. Apparently no paycard or Social Security numbers were exposed, so America has that going for her.

Jitters about Russian cyber preparations.

Defense Minister Mihai Fifor says Romania is under more-or-less continuous Russian cyberattack (Fifth Domain). GCHQ's National Cyber Security Centre director Ciaran Martin offered a similar warning to Britain's Parliament, noting "a consistent rise in the appetite for attack from Russia on critical sectors" (The National). Their comments will surprise few. Romania sits just across the Black Sea from Russia. It's also a NATO partner whose proximity would tend to draw Moscow's attention. Britain has long experienced tension with Russia, heightened by Moscow's nerve agent attack in Salisbury.

A pointed warning of battlespace preparation came from Ukraine at midweek. The head of Ukraine's national cyber police has warned that Russian operators are staging malware in Ukrainian enterprises, presumably for a coordinated campaign at some later date. Ukrainian authorities say they've detected evidence that preparation for a major round of cyberattacks is in progress against financial institutions and energy infrastructure. The operation as it's understood so far has proceeded in familiar stages. First, compromise of legitimate Ukrainian government email accounts. Second, phishing campaigns mounted against infrastructure targets using those compromised accounts. Third, installation of malicious payloads. The malware is believed to have established backdoors in banking and energy enterprises, where it will presumably be held in reserve until the attackers decide to execute (Reuters). Russia denies any involvement in the apparent battlespace preparation (Radio Free Europe | Radio Liberty).

The threat, should it materialize, is unlikely to be confined to Ukraine. NotPetya began with attacks on Ukrainian targets last June and quickly spread worldwide (Insurance Journal). Several Western companies were hit hard. They might not have been primary targets of the attack, but the effects they felt may have been less collateral damage than welcome side-effect. FedEx recently pegged the costs of NotPetya at roughly $400 million (Wall Street Journal).

This is rumor control...

While morale-building and rumor control appear during wartime emergencies, it's striking to see calls for them as a permanent and necessary government responsibility. An example appears in a Dark Reading op-ed, which asks rhetorically if it isn't time for government to take up defense (management and regulation) of social media as critical infrastructure.

Conspiracy theories and counter-radicalization.

The big thing is to catch them early, or so say two Virginia Tech researchers who slogged through a decade's worth of Reddit conspiracy chatter (r/conspiracy). They concentrated on theories that arose after four tragedies: the Boston Marathon bombing, the Sandy Hook school shooting, the loss of Malaysia Airlines flight MH17, and the shootings in Aurora, Colorado. They concluded that conspiracy speculators fell into three groups: (1) veteran users of r/conspiracy, (2) converts, active elsewhere on Reddit but new to conspiracies, and (3) joiners, who found Reddit post-tragedy and spent their time in conspiracy subreddits. Veterans seem incorrigible, converts grow skeptical over time, but joiners may stay, and can lend momentum to a theory. Thus counter-radicalization efforts might best be spent on joiners, who appear amenable to persuasion once they leave their echo chamber (WIRED).

Nudging toward publicity?

Norwegian consumer watchdogs think both Google and Facebook are nudging users away from privacy. The Norwegian Consumer Council (NCC) complains that Facebook and Google, and to a lesser extent Microsoft, offer services that exhibit "dark patterns": privacy-unfriendly defaults, confusing layouts, "the illusion of choice," and design choices in positioning, visual cues, and so forth that push people toward more self-revelation than is probably good for them. The NCC also found issues with Windows 10, but judged it only about half as privacy-unfriendly as Facebook and Google. As the study puts it, "Facebook and Google have privacy intrusive defaults, where users who want the privacy friendly option have to go through a significantly longer process. They even obscure some of these settings so that the user cannot know that the more privacy intrusive option was preselected." So the moral would appear to be a familiar one: take pains to be an informed consumer, especially when consuming a free service from a company whose revenue comes from marketing (Help Net Security).

Regulating toward privacy?

California's legislature hastily enacted a sweeping privacy law that forestalled even more sweeping regulation of the tech industry proposed by a ballot initiative. The regulations take effect in 2020 (Wall Street Journal).

Facebook's internal audit.

Facebook's continuing audit of apps and data usage is proving difficult. The company is struggling to track down third-party data use, many such parties being either uncooperative or defunct (Wall Street Journal). And critics see Facebook as slow and unresponsive in its reaction to the discovery in April that a quiz app had leaked data on some 120 million users (TechCrunch).

Crime and punishment.

Ukrainian police busted four coders for running bogus cryptocurrency exchanges (Econo Times).

A South Korean gamer gets a year in prison for cheating at Overwatch, and, worse yet, selling his cheats to other gamers (TechCrunch).

A US multi-agency Federal task force arrested a number of alleged drug dealers who operated on the dark web. Federal agents posed as cryptocurrency money-launderers to get close to the suspects; they identified sixty-five targets of investigation (Motherboard).

NSA alumna and former contractor Reality Winner entered a guilty plea Tuesday to a charge under the Espionage Act. She and her supporters had hoped to challenge the Government's case on the grounds that Ms Winner was acting in the public interest, but that line of defense didn't work out, and under the terms of her plea agreement she faces roughly five years' imprisonment for “willful retention and transmission of National Defense Information.” Ms Winner was caught when the Intercept attempted to verify a printed document's authenticity by showing it to US authorities. They identified the printer used to produce it, found that only six people had printed the document, and then determined that Ms Winner had used her work email account to communicate with the Intercept (Los Angeles Times).

Fortunes of commerce.

The US Congress would like Google to explain why it's willing to work closely with Huawei, a company presumably just one remove from the People's Liberation Army, and yet is unwilling to cooperate on research with the US Department of Defense (Law 360). The cooperation with Huawei consists largely of the Chinese company's dependence on Google's Android mobile operating system and of a cooperative messaging program between the two firms (CNBC). And there are concerns that ZTE involvement with Confucius Institutes at US universities renders those cultural centers espionage hubs (Daily Beast).

In any case the US Government shows little disposition to trust either Huawei or ZTE. "Lifeline" for ZTE or not, Government officials have been quietly briefing companies on the notable risks of doing business with either Chinese firm (CyberScoop). ZTE is unsure enough about its own future that it's delaying repairs to urinals lest it run afoul of a ban on importing American-made parts (Gizmodo).

In Australia, the Huawei affair is increasingly regarded as dispelling the notion that economic development and security are compatible by default. Substantial parts of public opinion are lining up for security (Australian Financial Review). The head of Huawei Australia, John Lord, disagrees, strongly (CRN).

Huawei's security chief says banning Huawei won't make the US (or presumably any other nation) more secure, which of course he would. But CSO Donald A. Purdy Jr.'s argument isn't merely baldly self-serving. He argues that a comprehensive risk management approach of the kind currently being advocated by the US Department of Homeland Security is able to handle any security risk any particular company might pose, and that in any case nation-state cyber threats are too complex and protean to be dealt with effectively by one-off bans of companies (Fortune).

While noting that such matters lie outside the normal scope of Commerce responsibilities, US Secretary of Commerce Wilbur Ross has agreed to a request from Senator Ron Wyden (Democrat of Oregon) that the Department assess the risk of espionage ZTE poses (South China Morning Post). Other members of the Senate are said to be working on a compromise that would permit ZTE's continued existence, but under severe security constraints (South China Morning Post). Still others, a bipartisan trio of Senators from Arkansas, Florida, and Maryland, would like the Department of Commerce to know that US companies are welcome to ditch the products of the big Chinese device manufacturer (Cyberscoop).

Kaspersky Lab's bid to restore trust by moving core processes from Russia to Switzerland is in train; its effects remain to be seen (Rappler). The company is also in talks with officials in Canberra to forestall any possible ban from Australian markets (ZDNet).

Mergers and acquisitions.

Identity-defined security company Ping Identity announced its acquisition of API security shop Elastic Beam (Digital Journal).

BAE says it has no intention of divesting itself of its US services units (Washington Technology).

McAfee says it will probably be in the market for other acquisitions beyond Skyhigh Networks, and also says an IPO isn't out of the question (Reuters).

Splunk has acquired VictorOps, which manages DevOps incidents. The purchase price is said to amount to $120 million (ReadITQuik).

Fortinet has closed its acquisition of Bradford Networks (Global Legal Chronicle).

There's been a wave of artificial intelligence firm acquisition. Nine big companies are pushing that wave: Alphabet, Apple, Facebook, Amazon, Intel, Microsoft, Meltwater, Twitter, and Salesforce (Fortune).

Investments and exits.

The famous Silicon Valley venture capital firm Andreessen Horowitz has opened a new fund that will concentrate on backing cryptocurrency and blockchain startups (WIRED).

Rain Capital has launched as a cybersecurity-focused venture capital firm (Dark Reading). They say they're particularly interested in cloud-native security solutions (Pitchbook).

In the UK, IQ Capital is raising £125M to invest in British "deep tech" startups (TechCrunch).

Berlin-based VPN provider ZenMate has opened a crowdfunding campaign on Crowdcube (PRNewswire).

Quantum computing shop QxBranch said in a revised filing with the Securities and Exchange Commission that it's raised $8.5 million in funding. The company, which has said little about its funding, was established in 2014 as a joint spin-off by Australian engineering firm Shoal Group and US defense consulting firm Tauri Group, based in Alexandria, Virginia (Washington Business Journal).

Risk-protection software shop Social SafeGuard, specialists in hunting fakes and brand protection, has raised $11 million in a Series B round from AllegisCyber and NightDragon Security. The company intends to use the investment for platform expansion and go-to-market work (PRWeb).

Cynet, which offers what it characterizes as a holistic detection and response platform, has also announced a Series B round, this one for $13 million. The investors include Norwest Venture Partners,  Shlomo Kramer, and Ibex Investors (BusinessWire).

Bitsight, which offers enterprise security ratings, has raised $60 million in a Warburg Pincus-led Series D round. The company now is more than halfway to unicorn status, with a valuation estimated at around $600 million (TechCrunch).

Balbix, which offers a "predictive approach" to enterprise security, has raised $20 million in a Series B round led by Singtel Innov8 (the corporate fund of Singapore telco Singtel) and Abu Dhabi-based Mubadala Ventures. Existing investor Mayfield Fund participated, as did various angels, including Cisco veterans John Chambers and Pankaj Patel (TechCrunch).

BigID, a start-up that helps enterprises secure customer data to remain in compliance with GDPR and other regulations, has raised a $30 million Series B funding round. The funding, led by Scale Venture Partners with participation from previous investors ClearSky Security, Comcast Ventures, BOLDstart Ventures, Information Venture Partners, and the SAP.iO Fund, will be used to scale go-to-market activities and increase the pace of product development (SecurityWeek).

JASK, which offers a platform that seeks to automate many Tier 1 security analyst functions, has raised $25 million in a Series B investment. Kleiner Perkins led the round, with additional participation from existing investors Battery Ventures, Dell Technologies Capital, TenEleven Ventures and Vertical Venture Partners (Help Net Security).

Australian cloud provider Bulletproof's founder reviews the advantages and disadvantages of taking a company public (ARN). ESET sees mostly disadvantages. It likes being privately held and not beholden to venture investors either (IT Web).

And security innovation.

Lockheed Martin is opening a new cyber facility in San Antonio, Texas, where it will be the first tenant at the city's Project Tech innovation hub (Fifth Domain). 

London-based Level 39 tries a different, talent-matching approach to bringing start-ups together with venture capitalists (TechWorld).

The Commonwealth of Virginia's Center for Innovative Technology (CIT) offers a rundown of some of its more than two-hundred investments in tech start-ups. Several of their companies have become familiar names in the security sector: Distil Networks, ThreatQuotient, NS8 and RunSafe Security, among them (Globe Newswire).

Notes.

Today's issue includes events affecting .

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.