2017 cyberattacks proved more numerous, sophisticated, and ruthless than in years past.
WannaCry, NotPetya, ransomware-as-a-service, and fileless attacks abounded. And, that’s not everything. The victims of cybercrime ranged from private businesses to the fundamental practices of democracy. Read The Cylance Threat Report: 2017 Year in Review Report and learn about the threat trends and malware families their customers faced in 2017.
October 24, 2018.
SecurityWeek's ICS Cyber Security Conference
There's growing awareness among corporate board members of the cyber risks to industrial control systems. That's one of the relatively positive outcomes of the pain inflicted by last year's NotPetya infestations. Symposiasts at SecurityWeek's ICS Security Conference in Atlanta expressed some gratification at the extent to which traditional Risk Management Framework practices are increasingly being adopted. Unsurprisingly, they think there's more work to be done.
In particular they see asset management as a widespread deficiency. Organizations continue to scramble, improvising asset management even in the course of incident response. Sound configuration management can't be taken for granted, especially when industrial plants use equipment they acquired years ago, and for which documentation may be sadly lacking. And knowing your attack surface, Rockwell Automation's Umair Masud said, was likely to be at least as important as, and arguably more important than, detailed intelligence of particular threats.
While there may be an approaching convergence of IT and OT, the two worlds remain farther apart, culturally and technically, than one might wish. Indegy's Barak Perelman emphasized the informal modes of information transmission still found in OT (that system was inherited, there were lots of changes made along the way, it's been around for years, and there's no documentation) and a lack of IT appreciation for the realities of industrial systems ("No, I can't just restart the turbine").
Dragos, in a presentation on Xenotime, the threat actor behind the Trisis malware that hit safety systems in an unnamed Saudi energy production facility, emphasized the disturbing news that cyberattacks were now designed to kill. Trisis was intended to be lethal, and other such attacks can be expected. Dragos CEO Robert M. Lee did offer some encouragement when he cautioned people against forming a picture of the attacker as hyper-competent and effectively invincible. Instead, he argued, remember that they make mistakes. They certainly did with Trisis—their attack on safety systems shut the facility down, twice, which wasn't their intention. Lee suggested an alternative picture of the ICS hacker: they're 18 to 30 years old, in their first government job, and dealing with management and PowerPoint "just like you."
By The CyberWire Staff
FireEye yesterday attributed "with high confidence" the Triton/Trisis attack against safety systems in a Saudi petrochemical facility to Russia. The attribution might more strictly be one of association or involvement: FireEye concluded that some of the code was written by the Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM) in Moscow, an organization of course operated by the Russian government. Who else may have been involved in the attacks, and how they came to be given the code, remain complicated questions. The evidence FireEye cites is of the convincing circumstantial variety: code written using Cyrillic characters, its preparation coinciding with Moscow office hours, an apparent handle linked to a known Russian individual, IP addresses, etc. That CNIIHM has the capability to prepare code like Triton/Trisis seems clear.
The US has begun to reach out directly to individuals involved in Russian influence operations. US Cyber Command is reported to be direct-messaging trolls engaged in attempts to disrupt elections and otherwise make mischief. The message is simple and direct: we know who you are and what you're doing, and you'd be well-advised to knock it off. Observers differ as to how effective this will be as a deterrent, but recent US indictments of individual Russian nationals for their role in influence operations give the warnings some point. And it's unknown what other retaliatory operations Cyber Command may have under preparation or under way.
A Cylance study concludes that threat intelligence, while a good thing, also drives the bad actors to improve.
A year in, companies unsure of risk under China's Cyber Security Law, says Control Risks.
Over a year into China’s Cyber Security Law, Control Risks experts say its vague definition and application leaves multinational companies struggling to understand their risk. Further, how strictly the government will crack down and the extent of penalties for non-compliance remain open questions. Nonetheless, companies operating in China must understand their unique exposure and specific cyber, physical and procedural requirements. Let Control Risks help you make the critical decisions to seize your opportunities in China.
SecurityWeek 2018 Industrial Control Systems (ICS) Cyber Security Conference (Atlanta, Georgia, United States, October 22 - 25, 2018) SecurityWeek’s ICS Cyber Security Conference is the conference where ICS users, ICS vendors, system security providers and government representatives meet to discuss the latest cyber-incidents, analyze their causes and cooperate on solutions. Register today for the original ICS/SCADA Cyber Security Conference – October 22-25 in Atlanta.
New York Times Event: Cyberwarfare with Google, Department of Justice & more (Washington, DC, United States, October 30, 2018) David Sanger, national security correspondent for The New York Times, will moderate a discussion on cyberwarfare, one of the greatest threats to American democracy and commerce. He will be joined by John Demers, assistant attorney general for the national security division at the Department of Justice; Yasmin Green, the director of research and development for Jigsaw, a Google company; and Dmitri Alperovitch, co-founder of CrowdStrike, who discovered Russian hacking of the Democratic National Committee.
Maryland Cybersecurity Career & Education Fair (Rockville, Maryland, United States, November 9 - 10, 2018) Join us for two dynamic days that put on display why Maryland is where cyber works. Friday will feature a career and education fair, connecting cybersecurity job seekers with opportunities across the state of Maryland. On Saturday, high school and undergraduate students compete in our cyber challenge.
Whack-A-Mole: The Impact of Threat Intelligence on Adversaries (Cylance) One of the great paradoxes in cybersecurity is that as defenders race ahead to identify the next and newest methods of attack, attackers often lag behind and reuse the old and obvious ones with success. In this Threat Intelligence Bulletin, we look back and show how easy it is for threat actors to change course after the publication of threat intelligence reports - and how valuable it can be for researchers, organizations and the public they serve to keep looking back.
Malicious Hackers Target the Safety-Minded, Curious in Phishing Schemes (Channel Partners) KnowBe4's Erich Kron said once an attacker has access to a victim's email account, they can reset other account passwords as well as using these legitimate accounts to attack others, and in organizations, this often leads to fake invoices being sent or to a redirection of payments to the attackers' accounts.
HoneyProcs : Going Beyond Honeyfiles for Deception on Endpoints (Juniper) Deploying detection solutions on an endpoint host comes with constraints - limited availability of CPU, memory, disk and other resources, stability constraints, policy adherence and restrictions, the need to be non-intrusive to the user, the host OS and other application...
FireEye Unveils Free Email Threat Detection Service (ExecutiveBiz) FireEye has introduced a free cloud-based service meant to help organizations scan and detect potential malicious threats in email systems. The FireProof Email Threat Analysis offering includes a less than five-minute setup process and seeks to identify malware or sophisticated threats that can avoid cybersecurity defenses, the company said Monday. “In the evaluations that we’ve run for...
Mphasis and BAE Systems launch global CoE in Fraud Detection and Anti-Money Laundering (Express Computer) The partnership will see the formation of a Centre of Excellence, a virtual team created to deliver BAE Systems’ anti-money laundering and fraud detection and prevention solution, NetReveal. Mphasis will utilise their global delivery capability to help implement the technology to banking, financial services and insurance organisations
Startup boasts unhackable email protection for the rest of us (ZDNet) Life was simpler when it was just criminals ripping off your data. But today it is the state-sponsored hackers that pose the biggest threat to data security. Secure Channels Inc. is a startup addressing the whole data security lifecycle, including email.
New UltraFICO score stokes concerns about data privacy (American Banker) A new credit score that includes consumers' cash flow alongside their credit score is winning praise for its potential to help expand access to credit, but some worry it gives the credit bureaus even more data that could be compromised.
How science can fight insider threats (Help Net Security) Malicious insiders pose the biggest cybersecurity threat for companies because they can cause the most damage. Read about how to fight insider threats.
Long-awaited cyber agency nears, but will it change anything much? (Washington Examiner) The upcoming lame-duck session of Congress is poised to deliver the top item on the Department of Homeland Security's wish list — a bill paving the way for the DHS to create the government's first cyber-specific agency — but whether that translates into real security improvements remains an open…
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Secutech 2019 (Taipei, Taiwan, May 8 - 10, 2019) As the largest regional business platform for professionals in the security, mobility, building automation and fire safety solution sectors, Secutech is the annual gathering place for key players from...
2018 ICS Cyber Security Conference USA (Atlanta, Georgia, USA, October 22 - 25, 2018) SecurityWeek’s Industrial Control Systems (ICS) Cyber Security Conference is the largest and longest-running event series focused on industrial cybersecurity. Since 2002, the conference has gathered ICS...
Energy Tech 2018 (Cleveland, Ohio, USA, October 22 - 26, 2018) The annual EnergyTech Conference & Expo is an organized event, supported by NASA and INCOSE, highlighting advancements in Energy, Smart-Grids and Microgrids, Aerospace, Critical Infrastructure, Security...
Global Resilience Federation Summit on Third-Party Risk (Leesburg, Virginia, USA, October 24 - 26, 2018) The purpose of the GRF Summit on Third-Party Risk is to increase awareness of security best practices, offer an opportunity for collaboration among third-party vendors and organizations’ risk management
other to improve holistic security. The Summit will provide training, education and networking on the critical cyber and physical security issues facing organizations, their vendors, and the areas where the two groups intersect. Space is limited for this complimentary event, and registration will be capped and by-approval only. Attendees will include ISAC/ISAO member organizations plus third-party vendors and suppliers.
Wild West Hackin’ Fest (Deadwood, South Dakota, USA, October 25 - 26, 2018) We’re back for another year of amazing talks, great company and exciting hands-on hacking labs. It will be hard to top our amazing inaugural year, but we’ve taken your feedback and plan to make this event...
Symposium on Securing the IoT (Boston, Massachusetts, USA, October 29 - 31, 2018) Join us for the Symposium on Securing The Internet of Things, featuring keynote speakers from the leading industry companies who are solving the issues of IoT and secure connectivity. There will also be...
Times Talks: Arming for Cyberwarfare (Washington, DC, USA, October 30, 2018) David Sanger, a national security correspondent and author of “The Perfect Weapon: War, Sabotage and Fear in the Cyber Age,” will moderate a discussion in Washington, D.C., on cyberwarfare, one of the...
SecureWorld Denver (Denver, Colorado, USA, October 31 - November 1, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...
Cyber Security Dallas (Dallas, Texas, USA, October 31 - November 1, 2018) Cyber Security Dallas will bring top speakers and industry experts to the Dallas-Fort Worth (DFW) metroplex, which boasts one of the largest concentrations of corporate headquarters in the United States.
InfoWarCon 18 (Leesburg, Virginia, USA, November 1 - 3, 2018) InfoWarCon 18 brings together a highly elite group of political, military, academic, DIYer, and commercial cyber-leaders and thinkers from around the world. We examine the current, future, and potential...
RETR3AT Cybersecurity Conference (Montreat, North Carolina, USA, November 2, 2018) Each year, Montreat College’s Center for Cybersecurity Education and Leadership hosts RETR3AT, a conference designed to engage, educate, and raise awareness about cybersecurity in Western North Carolina...
4th Annual Cyber Southwest (CSW) Symposium (Tucson, Arizona, USA, November 2, 2018) Be a part of the 4th Annual Cyber Southwest (CSW) Symposium set to take place at the University of Arizona, Eller College of Management - McClelland Hall in Tucson, AZ on Friday, November 2nd, 2018. CSW...
Hybrid Identity Protection Conference (New York, New York, USA, November 5 - 6, 2018) Learn what cutting-edge industry leaders are doing to improve identity protection in the modern organization and how they are boosting enterprise security. Network with the world’s leading identity experts...
Hybrid Identity Protection Conference 2018 (New York, New York, USA, November 5 - 6, 2018) The Hybrid Identity Protection Conference is the premier educational and networking event for identity experts. Learn what cutting-edge industry leaders are doing to improve identity protection in the...