April 19, 2019.
By the CyberWire staff
The US Special Counsel's report on Russian interference in the 2016 Presidential election was released in redacted form yesterday, finding insufficient evidence of collusion (that is, conspiracy and coordination) between the Trump campaign and Russian intelligence services, and offering no recommendation on obstruction.
The Mueller Report's conclusions about Russian operations are unambiguous: the GRU's Unit 26165 did the hacking, and the Internet Research Agency managed the influence campaign. The Report also concluded that the GRU's Unit 74455 retailed the results of the doxing through its subsidiaries DCLeaks and Guccifer 2.0, and through a sympathetic WikiLeaks.
TechCrunch reviews how the GRU worked: spearphishing, followed by credential theft. Once inside targeted networks the attackers used Mimikatz to harvest credentials. They used X-Agent for screenshots and keylogging, and W-Tunnel for data exfiltration. Middle servers were used to obfuscate the destination of the traffic. The discussion seems to be all about the GRU, Fancy Bear, with its FSB colleague Cozy Bear not earning a mention, unless it's buried obscurely in the report's 448 pages.
Iran's APT34, the hacking group also known as OilRig, is itself being doxed. A Telegram channel called "Read My Lips" is dumping the group's tools and some of its identities online. WIRED compares them to the ShadowBrokers. Whoever they are (neither disgruntled insiders, opposition groups, nor foreign intelligence services can be ruled out) their declared motive is exposing "this regime’s real ugly face."
KrebsOnSecurity thinks the hackers behind the Wipro attack may be a criminal gang, not necessarily a nation-state.
Global Cyber Innovation Summit (Baltimore, Maryland, United States, May 1 - 2, 2019) This unique, invitation-only forum brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber investment community to catalyze the industry into creating more effective cyber defenses. Request an invitation today.
Wipro Intruders Targeted Other Major IT Firms (KrebsOnSecurity) The crooks responsible for launching phishing campaigns that netted dozens of employees and more than 100 computer systems last month at Wipro, India’s third-largest IT outsourcing firm, also appear to have targeted a number of other competing providers, including Infosys and Cognizant, new evidence suggests. The clues so far suggest the work of a fairly experienced crime group that is focused on perpetrating gift card fraud.
New malware in old Excel skins (Avira Blog) Why worry about making a new malware trick when you can tweak an old Excel spreadsheet to do the job for you? Hackers are now doing just that: They are using new techniques to leverage their attacks based on a feature over 25 years old called Excel 4.0 (XLM macros). Despite the age, this feature …
Never Forget That You Are Being Watched (HackRead) What data do Facebook, Google, and mobile apps collect, do mobile carriers listen to your calls? Read this post and find answers to these and other privacy questions as well as get tips on how to protect your personal data.
Find Cyber Threats in Real Time (Finger Lakes Times) Milton Security Group, Inc.®, a leading cybersecurity company offering 24/7 monitoring, threat hunting, and incident response services, is pleased to announce its new Proof Of Value
Incident Response Plan Saves Money (The National Law Review) The Ponemon Institute recently completed research, sponsored by IBM Resilient, entitled “The 2019 Cyber Resilient Organization,” which surveyed more than 3,600 security and IT professional
The Cybersecurity Automation Paradox (Dark Reading) Recent studies show that before automation can reduce the burden on understaffed cybersecurity teams, they need to bring in enough automation skills to run the tools.
Safeguarding Client Data: An Attorney's Duty to Provide 'Reasonable' Security (The Legal Intelligencer) Effective cybersecurity requires an ongoing, risk-based, comprehensive process that addresses people, policies and procedures, and technology, including training. Effective security also requires an understanding that security is everyone’s responsibility and constant security awareness by all users of technology.
Spies, Lies, and Algorithms (Foreign Affairs) Russian social media meddling in the 2016 U.S. election should serve as a wake-up call: U.S. intelligence community must shift its focus from counterterrorism to a suite of new technological threats, from AI to deepfakes and disinformation warfare.
Vietnam aims at becoming giant in cyber security (SGGP English Edition) Vietnam this year is going to announce its strategy on national digitalization in order to form a digital economy and society, as said by the Minister of Information and Communications Nguyen Manh Hung in the international conference on cyber security held yesterday in Hanoi.
U.S. boosting cyber defenses in face of Russian threat: Shanahan (The Washington Times) America’s cadre of cyber warriors are working tirelessly to curb the threat posed by Russian attacks on U.S. military and civilian networks, including those highlighted in Special Counsel Robert Mueller’s investigation into Moscow’s interference in the 2016 election, acting Pentagon chief Patrick Shanahan said.
From Tragedy Comes Action -- New Cyberbullying Law Said to Be Strongest in the Nation (Maryland Matters) A bill signed into law by Gov. Lawrence J. Hogan Jr. (R) on Thursday gives Maryland families unparalleled protections against online harassment aimed at their children, a leading lawmaker said, and could serve as a template for national legislation. Senate Bill 103 and its House companion HB 181 was dubbed Grace’s Law 2.0 by its …
The Mueller Report (TechCrunch) The Special Counsel’s report into Russian interference in the 2016 U.S. presidential election is out. TechCrunch is exploring hacking, disinformation, surveillance and more.
Read the full, redacted Mueller report (Washington Post) Attorney General William P. Barr has released the full, redacted report detailing Special Counsel Robert S. Mueller’s investigation into Russian interference in the 2016 election.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
BSidesIowa (Des Moines, Iowa, USA, April 20, 2019) BSidesIowa is the longest running security conference in Iowa. It is back in 2019 for its 6th event! There will be a Capture The Flag event presented by SecDSM, as well as presentations and networking...
Insider Threat Program (ITP) Management - Insider Threat Detection & Data Analysis (Miami, Florida, USA, April 22 - 23, 2019) Insider Threat Program Management - Insider Threat Detection & Data Analysis Training
The Insider Threat Defense Group will be holding its next class "Insider Threat Program (ITP) Management - Insider Threat Detection & Data Analysis", in Miami, FL, on April 22-23, 2019. At the completion of this training, students will be well versed on how to develop, implement, manage or enhance an ITP, and have the in-depth knowledge to gather, correlate and analyze an extensive amount of raw data sources to detect and mitigate Insider Threat Risks. The course has been taught to over 540+ organizations.
International Conference on Cyber Engagement (Washington, DC, USA, April 23, 2019) This year, the eighth annual International Conference on Cyber Engagement (ICCE) will be hosted for the first time by the Atlantic Council’s Scowcroft Center for Strategy and Security, in partnership with...
(ISC)² Secure Summit DC (Washington, DC, USA, April 23 - 24, 2019) (ISC)² Secure Summit DC evolved to assemble the best minds in cybersecurity for two days of insightful discussions, workshops and best-practices sharing. The goal of our event is to equip security leaders...
SecureWorld Toronto (Toronto, Ontario, Canada, April 24, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...