October 30, 2018.
By The CyberWire Staff
Iranian officials say President Rouhani's phone was "recently" compromised, and would be replaced. Their announcement was terse and offered neither details nor attribution.
Motherboard describes the apparent role played by Saud Al-Qahtani (a.k.a. "Mr. Hashtag"), a close advisor to Saudi Crown Prince Mohammed bin Salman, in obtaining surveillance software from Milan-based HackingTeam. The Jerusalem Post describes the Saudis' surprising willingness to purchase other espionage tools from Israeli sources—they put the Kingdom's purchases at $250 million.
US state election officials are gratified by offers of free security tools from cybersecurity companies, but, as many CISOs would attest, they're finding the tools confusing and in many cases beyond their ability to use. The Department of Homeland Security is said to be thinking that this would have proceeded more happily had DHS served as a clearing house for the offers.
Malwarebytes warns that a Mac app, "Cointicker," installs keyloggers and backdoors along with its handy alt-coin price-tracker.
Researchers at Cymulate demonstrate a way of infecting Word documents by introducing malicious code into embedded video. The attack evades common forms of detection.
The Director of the Australian Signals Directorate warns that using "high-risk" Chinese telecom devices poses a threat to water and power infrastructure.
The US Commerce Department has, on national security grounds, banned US companies from selling to Chinese chipmaker Fujian Jinhua Integrated Circuit.
Russia and the US have offered the UN predictably competing proposals for international norms of conduct in cyberspace, the former favored by authoritarians, the latter by liberal democracies.
Today's issue includes events affecting Australia, China, Germany, Iran, Israel, Pakistan, Russia, Saudi Arabia, United Kingdom, United Nations, United States.
Yesterday's summary referred to Twitter's takedown of accounts linked to Iran. While Twitter has over the past few weeks taken down such accounts, the takedown that better revealed the new direction of Iranian information operations was the one more recently executed by Facebook. That's the one we intended to highlight in our summary.
New York Times Event: Cyberwarfare with Google, Department of Justice & more (Washington, DC, United States, October 30, 2018) David Sanger, national security correspondent for The New York Times, will moderate a discussion on cyberwarfare, one of the greatest threats to American democracy and commerce. He will be joined by John Demers, assistant attorney general for the national security division at the Department of Justice; Yasmin Green, the director of research and development for Jigsaw, a Google company; and Dmitri Alperovitch, co-founder of CrowdStrike, who discovered Russian hacking of the Democratic National Committee.
Maryland Cybersecurity Career & Education Fair (Rockville, Maryland, United States, November 9 - 10, 2018) Join us for two dynamic days that put on display why Maryland is where cyber works. Friday will feature a career and education fair, connecting cybersecurity job seekers with opportunities across the state of Maryland. On Saturday, high school and undergraduate students compete in our cyber challenge.
Cyber Attacks, Threats, and Vulnerabilities
Iranian official says president's cellphone was tapped (AP News) Iranian officials say President Hassan Rouhani's mobile phone was tapped, without providing details on who was behind it or what information they might have gleaned. The semi-official ISNA news agency on Monday quoted Gen. Gholam Reza Jalali, the head of a military unit charged with combatting sabotage, as saying Rouhani's phone was tapped "recently" and would be replaced with a more secure device. He did not provide further details.
Under Attack: How Election Hacking Threatens the Midterms (PCMAG) The United States is grappling with fundamental cybersecurity threats at every level of voting infrastructure, from malware-based campaign hacks to weaponized social media posts. But there are plenty of people trying to do something about it.
2018 midterm election study (Ghostery) We analyzed 981 candidate websites (House and Senate candidates for the 2018 midterm elections) and found that trackers are present on 87% of all sites considered and that around 13% of all campaign pages assessed were tracker free. 41% of pages assessed had 2 – 5 trackers on them; followed by 26% of pages with …
SBP instructs banks after ‘cyber attack’ on Bank Islami network (The News) “On the morning of October 27, 2018 certain abnormal transactions valuing Rs 2.6 million were detected by the Bank on one of its international payment card scheme. The Bank immediately took precautionary steps which, inter alia, included shutting its international payment scheme. All monies withdrawn from accounts i.e. Rs 2.6 million have been credited in the respective accounts,” it said.
Kraken Ransomware Emerges from the Depths: How to Tame the Beast (McAfee Blogs) Look out, someone has released the Kraken — or at least a ransomware strain named after it. Kraken Cryptor ransomware first made its appearance back in August, but in mid-September, the malicious beast emerged from the depths disguised as the legitimate spyware application SuperAntiSpyware.
Exposed Docker APIs Continue to Be Used for Cryptojacking (BleepingComputer) Trend Micro has recently spotted an attacker that is scanning for exposed Docker Engine APIs and utilizing them to deploy containers that download and execute a coin miner. These containers then use scripts to spread to other systems.
Search for Chrome on Bing, and you might get a nasty surprise (HOTforSecurity) It's 2018, and you can still end up with your computer compromised by searching for the world's most popular browser. That fact was brought home once again by Twitter user Gabriel Landau who, immediately upon firing up his brand new Windows 10 laptop and trying to download...
An Update on the jQuery-File-Upload Vulnerability (Akamai) In the days following the original post concerning my disclosure of the flaw in jQuery-File-Upload (CVE-2018-9206), many people reached out to me with a number of questions on various related topics. I think a blog post is the best way to...
Disrupting the Flow: Exposed and Vulnerable Water and Energy Infrastructures (TrendLabs Security Intelligence Blog) Using open source intelligence techniques (OSINT), we were able to get a glimpse of possible problem areas for the energy and water sectors. Using internet scanning (mainly through Shodan) and physical location mapping, we were able to identify a number of exposed and vulnerable HMIs, all of which are from small to medium businesses. What this tells us is how important cybersecurity is for each level of the supply chain as well as for each CI sector.
You're Not Imagining It: Civilization is Flickering; and it can be catastrophic (Control Global) Mike Assante wrote two blogs: You're Not Imagining It: Civilization is Flickering, part 1 and 2. Mike is saying what I have been saying: network monitoring of control system networks is necessary but not sufficient. Moreover, it has been shown in laboratory demonstrations and actual incidents that cyber vulnerabilities exist that can lead to physical damage to equipment such as transformers, motors, generators, etc. Damaging this equipment can lead to long term outages of electric systems, refineries, manufacturing, etc.
State of the States for Tech and Cyber (Government Technology) The survey results from two major government studies were released at the National Association of State CIOs (NASCIO) Annual Conference in San Diego this past week. The technology and cybersecurity results signal major change is coming — in many diverse ways. Here’s what you need to know as we head into 2019.
How People Use Connected Devices (Clutch) People own and use connected devices, particularly smart home appliances, to access personal information. Most connected devices people own, though, are used as singular technologies, according to our survey of more than 500 people who own a connected device.
Spy chief wanted ban on China telecoms from Australian 5G (AP News) Australia's critical infrastructure including electricity grids, water supplies and hospitals could not have been adequately safeguarded if Chinese-owned telecommunications giants Huawei and ZTE Corp. were allowed to help roll out the nation's 5G network, a spy chief said. Mike Burgess, director-general of the Australian Signals Directorate, said his cyber experts had backed the government's decision in August to bar the two Chinese companies that he described as "high-risk vendors." It was the first time the secretive agency had disclosed such information.
China’s Bad Old Days Are Back (Foreign Affairs) Under Xi Jinping, China is extending political repression from its Western border regions into Hong Kong and other that once seemed relatively free by comparison. What we are witnessing is not a continuation of China’s oppressive status quo but the onset of something alarming and new.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Symposium on Securing the IoT (Boston, Massachusetts, USA, October 29 - 31, 2018) Join us for the Symposium on Securing The Internet of Things, featuring keynote speakers from the leading industry companies who are solving the issues of IoT and secure connectivity. There will also be...
Times Talks: Arming for Cyberwarfare (Washington, DC, USA, October 30, 2018) David Sanger, a national security correspondent and author of “The Perfect Weapon: War, Sabotage and Fear in the Cyber Age,” will moderate a discussion in Washington, D.C., on cyberwarfare, one of the...
SecureWorld Denver (Denver, Colorado, USA, October 31 - November 1, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...
Cyber Security Dallas (Dallas, Texas, USA, October 31 - November 1, 2018) Cyber Security Dallas will bring top speakers and industry experts to the Dallas-Fort Worth (DFW) metroplex, which boasts one of the largest concentrations of corporate headquarters in the United States.
InfoWarCon 18 (Leesburg, Virginia, USA, November 1 - 3, 2018) InfoWarCon 18 brings together a highly elite group of political, military, academic, DIYer, and commercial cyber-leaders and thinkers from around the world. We examine the current, future, and potential...
RETR3AT Cybersecurity Conference (Montreat, North Carolina, USA, November 2, 2018) Each year, Montreat College’s Center for Cybersecurity Education and Leadership hosts RETR3AT, a conference designed to engage, educate, and raise awareness about cybersecurity in Western North Carolina...
4th Annual Cyber Southwest (CSW) Symposium (Tucson, Arizona, USA, November 2, 2018) Be a part of the 4th Annual Cyber Southwest (CSW) Symposium set to take place at the University of Arizona, Eller College of Management - McClelland Hall in Tucson, AZ on Friday, November 2nd, 2018. CSW...
Hybrid Identity Protection Conference (New York, New York, USA, November 5 - 6, 2018) Learn what cutting-edge industry leaders are doing to improve identity protection in the modern organization and how they are boosting enterprise security. Network with the world’s leading identity experts...
Hybrid Identity Protection Conference 2018 (New York, New York, USA, November 5 - 6, 2018) The Hybrid Identity Protection Conference is the premier educational and networking event for identity experts. Learn what cutting-edge industry leaders are doing to improve identity protection in the...
Cyber Security & Artificial Intelligence MENA Summit (Dubai, UAE, November 6 - 7, 2018) Cyber Security and Artificial Intelligence MENA Summit has been designed to bring you a remarkable opportunity to gain fresh insights into areas such as artificial intelligence and machine learning impact...
2nd Annual Aviation Cyber Security Summit (London, England, UK, November 6 - 7, 2018) Now in its 2nd year, the Cyber Senate Aviation Cyber Security and Resilience Summit (AVCIP2018) will take place on 6th and 7th in London United Kingdom 2018. This two-day executive forum will include presentations,...
Federal IT Security Conference: FITSC 2018 (College Park, Maryland, USA, November 7, 2018) Phoenix TS and Federal IT Security Institute (FITSI) are partnering to host the third annual Federal IT Security Conference (FITSC) this November. Speakers from NIST, DHS, the Defense Department as well...
SINET Showcase (Washington, DC, USA, November 7 - 8, 2018) Highlighting and advancing innovation. SINET Showcase provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity.
SecureWorld Seattle (Seattle, Washington, USA, November 7 - 8, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...
Infosecurity North America (New York, New York, USA, November 14 - 15, 2018) With 23+ years of global experience creating leading information security events, Infosecurity Group is coming to New York in November 2018. Infosecurity North America will provide a focussed business...