2017 cyberattacks proved more numerous, sophisticated, and ruthless than in years past.
WannaCry, NotPetya, ransomware-as-a-service, and fileless attacks abounded. And, that’s not everything. The victims of cybercrime ranged from private businesses to the fundamental practices of democracy. Read The Cylance Threat Report: 2017 Year in Review Report and learn about the threat trends and malware families their customers faced in 2017.
November 2, 2018.
By The CyberWire Staff
The lull in Chinese cyberattacks during the previous US Administration and the early days of the current one appears to have amounted to a false dawn. Carbon Black's recent quarterly threat report has led some to conclude that the lull was a period of learning and development during which the PLA and the Ministry of State Security took lessons from Russian operations. Now it seems, as Ars Technica puts it, Beijing has "taken the gloves off."
There may be a partial explanation for Iran's terse warnings about cyberattacks. Bleeping Computer says, based in part on reporting by Israeli outlet Hadashot, that Iranian infrastructure has recently been afflicted with a "Stuxnet-like" strain of malware.
Trolling aside—and there's been no shortage of that—observers are wondering where the Russians are in the US midterm elections. The Bears have been relatively quiet, which leads nervous commentators to breathlessly predict a big surprise for next Tuesday's voting.
Russian information operations may have been more effective at home than abroad. Apparently conventional wisdom among Russians is that the US will experience a second Civil War by 2020. Celebrities and businesses sometimes come to take too much stock in their own press releases. The same might happen with trolling and statecraft, too.
US Cyber Command seems to be ready to retaliate in kind against any Election Day cyberattacks.
The BBC reports that tens of thousands of Facebook private messages, many from accounts based in Russia or Ukraine, are now for sale on the dark web.
Create a culture of cybersecurity awareness with Coachable Moments.
According to The Ponemon Institute, two out of three insider threat incidents are caused by employee or contractor mistakes. The good news is, these mistakes can easily be avoided ... with the right coaching. Just in time for Cybersecurity Awareness Month, the Coachable Moments series from ObserveIT gives cybersecurity teams the tools they need to empower people to understand the policies and best-practices intended to keep them safe. Check out Coachable Moments today to learn more.
Maryland Cybersecurity Career & Education Fair(Rockville, Maryland, United States, November 9 - 10, 2018) Join us for two dynamic days that put on display why Maryland is where cyber works. Friday will feature a career and education fair, connecting cybersecurity job seekers with opportunities across the state of Maryland. On Saturday, high school and undergraduate students compete in our cyber challenge.
Emotet Trojan Begins Stealing Victim's Email Using New Module(BleepingComputer) The Emotet malware is typically used as a banking trojan and more recently for distributing other malware, but has now become more versatile via a module that allows it to steal a victim's actual emails going back six months.
SMS Phishing + Cardless ATM = Profit(KrebsOnSecurity) Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. Recent arrests in Ohio shed light on how this scam works.
How Hackers Exploit Online Games(Security Boulevard) Legitimate platforms like online gaming services are a breeding ground for hackers, with in-game currencies and micro-transactions putting a target on the gaming industry’s back
We need thicker skins in age of social media(Times) We live in an age when events that used to take place behind closed doors are now more visible. People leave traces of their stupidity online where once their tracks were covered and, for the most...
QuoVadis to be sold to US firm DigiCert(The Royal Gazette) Cybersecurity firm QuoVadis is to be sold by its Swiss owners to US company DigiCert.QuoVadis, which was founded in Bermuda in the late 1990s, was
Employee Discontent Threatens Google’s Reputation (Wall Street Journal) On Thursday, Google workers who took part in a walkout at the company’s offices around the world signaled a crisis in faith—one that, if widespread, could cause reputational harm, potentially affecting the Alphabet Inc. unit’s standing as an aspirational workplace, risk experts and analysts said.
Paul Wang joins High-Tech Bridge’s Advisory Board(CSO) With over 20 years of cybersecurity practice in all four Big 4 companies, Paul Wang will support High-Tech Bridge’s sustainable global growth, competitive AI strategy and customer value creation.
Managing Cyber Risks: A New Tool for Banks(BankInfo Security) Banks have a new tool available for developing cyber risk management programs. In an interview, architects of the Financial Services Sector Cybersecurity Profile,
Discussion Draft: ‘Consumer Data Protection Act(US Senate) To amend the Federal Trade Commission Act to establish requirements and responsibilities for entities that use, store, or share personal information, to protect personal information, and for other purposes.
Everyone in DoD is a cyberwarrior(Fifth Domain) Each person is responsible for cyber hygiene and cyber defense today, according to Vice Adm. Nancy Norton, director of DISA and commander of Joint Force Headquarters-DoD Information Networks.
Speaker Ryan appoints three to cyberspace commission(Homeland Preparedness News) Rep. Mike Gallagher (R-WI), Samantha Ravich, and Frank Cilluffo were appointed this week by House Speaker Paul Ryan (R-WI) to the Cyberspace Solarium Commission. The commission was established by the National Defense Authorization Act to develop a framework for U.S. … Read More »
Litigation, Investigation, and Law Enforcement
Senate Panel Seeks FBI Briefing on Super Micro Hacking Report(Bloomberg) A U.S. Senate committee asked the FBI and Department of Homeland Security for a classified briefing on a report saying China’s intelligence services used subcontractors to plant malicious chips in Super Micro Computer Inc. server motherboards.
Financial and psychological toll of catfishing scams(CBS News) A North Carolina woman is in jail for allegedly plotting to kill her mother for insurance money after she fell victim to a so-called catfishing scam, when stolen identities are used to lure people into fake relationships. These online romance scams can lead to bullying, cyberstalking, theft, and even worse consequences. Victims in the U.S. and Canada say they lost nearly a billion dollars over the last three years. Meg Oliver reports.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
InfoWarCon 18(Leesburg, Virginia, USA, November 1 - 3, 2018) InfoWarCon 18 brings together a highly elite group of political, military, academic, DIYer, and commercial cyber-leaders and thinkers from around the world. We examine the current, future, and potential...
RETR3AT Cybersecurity Conference(Montreat, North Carolina, USA, November 2, 2018) Each year, Montreat College’s Center for Cybersecurity Education and Leadership hosts RETR3AT, a conference designed to engage, educate, and raise awareness about cybersecurity in Western North Carolina...
4th Annual Cyber Southwest (CSW) Symposium(Tuscon, Arizona, USA, November 2, 2018) Be a part of the 4th Annual Cyber Southwest (CSW) Symposium set to take place at the University of Arizona, Eller College of Management - McClelland Hall in Tucson, AZ on Friday, November 2nd, 2018. CSW...
Hybrid Identity Protection Conference(New York, New York, USA, November 5 - 6, 2018) Learn what cutting-edge industry leaders are doing to improve identity protection in the modern organization and how they are boosting enterprise security. Network with the world’s leading identity experts...
Hybrid Identity Protection Conference 2018(New York, New York, USA, November 5 - 6, 2018) The Hybrid Identity Protection Conference is the premier educational and networking event for identity experts. Learn what cutting-edge industry leaders are doing to improve identity protection in the...
Cyber Security & Artificial Intelligence MENA Summit(Dubai, UAE, November 6 - 7, 2018) Cyber Security and Artificial Intelligence MENA Summit has been designed to bring you a remarkable opportunity to gain fresh insights into areas such as artificial intelligence and machine learning impact...
2nd Annual Aviation Cyber Security Summit Summit(London, England, UK, November 6 - 7, 2018) Now in its 2nd year, the Cyber Senate Aviation Cyber Security and Resilience Summit (AVCIP2018) will take place on 6th and 7th in London United Kingdom 2018. This two-day executive forum will include presentations,...
Federal IT Security Conference: FITSC 2018(College Park, Maryland, USA, November 7, 2018) Phoenix TS and Federal IT Security Institute (FITSI) are partnering to host the third annual Federal IT Security Conference (FITSC) this November. Speakers from NIST, DHS, the Defense Department as well...
SINET Showcase(Washington, DC, USA, November 7 - 8, 2018) Highlighting and advancing innovation. SINET Showcase provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity.
SecureWorld Seattle(Seattle, Washington, USA, November 7 - 8, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...
Infosecurity North America(New York, New York, USA, November 14 - 15, 2018) With 23+ years of global experience creating leading information security events, Infosecurity Group is coming to New York in November 2018. Infosecurity North America will provide a focussed business...
Kingdom Cyber Security(Riyadh, Saudi Arabia, November 20 - 21, 2018) Setting a game plan to boost cyber resilience at the national level.
API Security Summit(London, England, UK, November 21, 2018) The API Security Summit, taking place in London on the 21st of November 2018 will bring together the financial services community, regulators, fintechs, TPPs and associations
from across UK and Europe to find solutions to the current lack of standardisation, debate what standards/legislation may emerge in 2019, and how to plan with these in mind.
The Cyber Security Summit: Los Angeles(Los Angeles, California, USA, November 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.