November 20, 2018.
A CyberWire Daily News Briefing redesign is coming.
After the Thanksgiving holiday, we'll be rolling out a new format for our email. We've redesigned it the better to avoid falling into spam traps, or becoming inadvertently enmeshed in the array of anti-phishing measures increasingly deployed. You've seen some of these changes already with our addition of inline links to our summary. When the redesign is complete, you'll see fewer links to suggested reading in the email itself. That selected reading will remain present in its entirety on our website, posted as always with the appropriate Daily News Briefing. We hope you'll find the new format more user-friendly. We'll announce the date of the rollout as it approaches. And, as always, thanks for subscribing and reading.
By The CyberWire Staff
Several nation-state threat actors have returned to action this week. They're back in familiar but upgraded forms.
North Korea's Lazarus Group is back, hitting financial institutions in Asia and Latin America. They're making improved use of backdoors. As usual with the Lazarus Group, the motive is financial (TrendLabs).
The Pterado backdoor campaign reported by Ukrainian authorities is now being attributed by observers to Russia, but that attribution remains preliminary and circumstantial. They associate Pterado with the Gamaredon threat group, widely believed to be a unit of Russia's FSB (Ars Technica).
Coincidentally or not, the newly reawakened Cozy Bear, also generally regarded as an FSB (or possibly SVR) unit, has deployed improved phishing techniques against US targets (WIRED).
And another Russian threat group, the Hades APT, is also back. Hades was responsible for the Olympic Destroyer wiper campaign that targeted the South Korean-hosted Winter Olympic Games. It's added anti-analysis and delayed execution as well as a single-stage dropper, which suggests that Hades is learning from and reacting to the measures used against it earlier in 2018 (Check Point).
Since November 12th, an unknown (but believed to be foreign) group has been attacking certified email accounts in Italy. Both the government and the private sector have been affected, with courts particularly disrupted (Reuters).
HackRead reports that both Facebook and Instagram are suffering widespread outages. This is the second significant outage in as many days: yesterday it was Messenger (Forbes). They're working on it: at this point the outages seem to be accidents.
Today's issue includes events affecting Canada, China, Ecuador, European Union, Iran, Italy, Democratic People's Republic of Korea, Russia, Singapore, Ukraine, United Kingdom, United States.
A quick note: we'll be observing Thanksgiving this week, so there will be no Daily News Briefing or Daily Podcast on Thursday or Friday, and no Week that Was this Saturday. Everything will return to normal Monday.
Cyber Security Summit: November 29 in Los Angeles (Los Angeles, California, United States, November 29, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The CIA, The City of Los Angeles, Verizon, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com
Rapid Prototyping Event: The Turing Test (Columbia, Maryland, United States, December 11 - 13, 2018) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Prototyping Event in which participants implement an automated process to interact with a Microsoft Windows machine just as a human user may do with the goal being to fool a human judge who is monitoring target computers via Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC) into thinking a normal user is interacting with that machine and not an automated program or process.
Olympic Destroyer Returns with Improved Arsenal (Security Boulevard) The hacker group that attacked the 2018 Winter Olympic Games IT infrastructure with the Olympic Destroyer malware is still active and has recently been observed attacking organizations with...
New Strain of Olympic Destroyer Droppers (Check Point Research) Over the last few weeks, we have noticed new activity from Hades, the APT group behind the infamous Olympic Destroyer attack. Moreover, this new wave of attack shares a lot with those previously attributed to the group but it seems that this time we are witnessing significant changes that may hint at a new evolution...
An Introduction to Magecart (Akamai) Since at least September, a number of criminals have been targeting online shopping carts and skimming credit card data at checkout. Collectively, these criminals are being called Magecart. Researchers at RiskIQ and Flashpoint Intelligence have identified...
Security Patches, Mitigations, and Software Updates
On Pace To Break 20k Mark For Disclosed Vulnerabilities (Risk Based Security) The number of vulnerabilities through Q3 of 2018, though significant and on track to be over 20,000, is down from the same time last year and will likely fall short of the record-breaking 2017 year end numbers of more than 22,000 disclosed vulnerabilities, according to Risk Based Security.
Small Businesses, Big Breaches (SecurityWeek) Board of directors, business partners, consumers, and legislators all play a role in defining how much risk is acceptable in their organizations.
Apple’s Tools Sneak Into Business (Wall Street Journal) This summer, Apple addressed a major IT pain point with the launch of Apple Business Manager, which lets administrators manage Apple devices, apps and accounts. It’s being used by more than 40,000 businesses, including sneaker companies GOAT and Flight Club.
Mobey Forum sets up digital ID expert group (Finextra) Mobey Forum, the global industry association empowering banks and other financial institutions to shape the future of digital financial services, today announces the formation of the Digital ID Expert Group.
A closer look at HTC’s blockchain phone, the Exodus 1 (TechCrunch) The Exodus 1 didn’t make its global debut on stage at TechCrunch Shenzhen. That was the plan, but stuff, as the saying goes, happens. It simply didn’t make its way from Hong Kong to China in time. I won’t lie, I was a bit suspicious of this latest turn of events. After months of teasing […]
The Czech tech to overcome Russian jammers (C4ISRNET) Czech company Era is relatively unknown outside of the electronic surveillance community and civil aerospace sector, but it has a rich history in passive sensor technology.
Can Army Afford The Electronic Warfare Force It Wants? (Breaking Defense) Army planners are thrashing out how many electronic warfare specialists the service needs, not just to rebuild radio-jamming and spoofing capability in combat units, but to create a training cadre that can sustain the EW corps for the long-term.
The SEC and Cybersecurity Regulation (Lawfare) American companies are getting hacked, and the Securities and Exchange Commission wants corporate executives to do something about it.
Litigation, Investigation, and Law Enforcement
We can detest Assange but don’t lock him up (Times) As his lawyers might put it, Julian Assange’s best defence against extradition to America is that there is no law yet against being really annoying. Remarkably it is now a little over six years...
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Transport Security Congress (Washington, DC, USA, April 2 - 3, 2019) The Transport Security Congress brings together business and security leaders from all sectors of passenger and goods transportation to discuss solutions to the evolving security and safety risk landscape.
Australian Cyber Conference 2019 (Melbourne, Victoria, Australia, October 7 - 9, 2019) The Australian Information Security Association (AISA) is the premier industry body for information security professionals in Australia. As a nationally recognised not-for-profit organisation, AISA champions...
Kingdom Cyber Security (Riyadh, Saudi Arabia, November 20 - 21, 2018) Setting a game plan to boost cyber resilience at the national level.
API Security Summit (London, England, UK, November 21, 2018) The API Security Summit, taking place in London on the 21st of November 2018 will bring together the financial services community, regulators, fintechs, TPPs and associations from across UK and Europe to find solutions to the current lack of standardisation, debate what standards/legislation may emerge in 2019, and how to plan with these in mind.
The Cyber Security Summit: Los Angeles (Los Angeles, California, USA, November 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.
IEEE WIE Forum USA East (White Plains, New York, United States, November 29 - December 1, 2018) IEEE WIE Forum USA East 2018 focuses on developing and improving leadership skills for individuals at all stages of their careers. Attendees will have the opportunity to hear inspirational and empowering...
Securing Digital ID 2018 (Alexandria, Virginia, USA, December 4 - 5, 2018) As an increasing number of transactions move online and are mobile-enabled, the conference will explore today’s complex world of digital identities and how they are used for strong authentication and remote...
First Annual Maryland InfraGard Cybersecurity Conference (College Park, Maryland, USA, December 5, 2018) InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely...
International Cyber Risk Management Conference (Hamilton, Bermuda, December 6 - 7, 2018) Now in its fourth year in Canada, the International Cyber Risk Management Conference (ICRMC) has earned a reputation as one of the world’s most trusted cyber security forums. We are proud to bring ICRMC...
2018 Cloud Security Alliance Congress (Orlando, Florida, USA, December 10 - 12, 2018) Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such...
Wall Street Journal Pro CyberSecurity Executive Forum (New York, New York, USA, December 11, 2018) The WSJ Pro Cybersecurity Executive Forum will bring together senior figures from industry and government to discuss how senior executives can best prepare for hacking threats, manage breaches, and work...
National Cyber League Fall Season (Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...