Beginner’s Guide: Open Source Network Security Tools
With so many open source tools out there, it's hard to know where to start. Get your copy of “Beginner’s Guide: Open Source Network Security Tools” today to learn how you can use open source tools for: network discovery, network IDS, vulnerability scanning & penetration testing.
August 7, 2019.
Black Hat, BSides, and Def Con
We're in Las Vegas at Black Hat this week. Here are some of the stories that have caught our eye.
The interpenetration of criminal groups and espionage services.
Sometimes it's a protection racket; at other times it's more like moonlighting. APT41 seems to be moonlighting.
FireEye released a report this morning on APT41, a Chinese group that’s been observed running espionage operations as well as financially motivated criminal campaigns. At Black Hat last night, FireEye’s John Hultquist, Nalani Fraser, and Barry Vengerik summarized the report and answered questions about it. APT41 is known for targeting the video game industry, which the researchers attribute to a hobbyist's interest turned to financial gain. They said there was a significant shift in the group’s activities in late 2015, when the group moved away from intellectual property theft and toward strategic intelligence gathering across multiple industries, including healthcare, telecoms, high-tech companies, and software supply chains. At the same time, APT41 continues to target the video game industry for what appears to be personal financial gain, although the researchers noted it was odd that the Chinese government would allow the group to reuse, for personal ends, the same tools it uses in state-sponsored campaigns.
"Broken, as an industry."
At Synopsys’ Codenomi-con last night, we heard Chris Roberts, Chief Security Strategist of Attivo Networks, say that “we are arguably broken, as an industry.” He pointed out that companies have increased their spending on cybersecurity to billions of dollars, while data breaches continue to rise. There could of course be a causal relationship here: if attacks increase, it's reasonable to expect an increase in spending on security. But Roberts sees this as a sign of misapplied effort, and not as a case of the Butterfield Effect.
He criticized disproportionate spending on conferences and marketing, and an inordinate focus on technologies and buzzwords that don’t really help customers. Roberts said that to fix this problem cybersecurity companies need to do a much better job of listening to their customers. He also argued that there needs to be an increased focus on proactive response, rather than simply detecting malicious activity. Additionally, Roberts said the industry needs to start bringing in fresh blood from other sectors, particularly from those sectors that know how to operate safety-critical systems, such as engineers. (As an aside, we note that an umpire at the US Naval War College's recent cyber war game argues a similar conclusion about a role for operating engineers.)
For organizations, Roberts recommended increasing awareness training to at least a monthly frequency, pointing out that attackers adapt their phishbait to match the time of year. Having a plan is essential, even if that plan is as simple as knowing whom to contact when things go wrong. Finally, Roberts argued that you can’t measure security—you can only measure risk. Organizations need to construct their defenses based around this concept, knowing that nothing can be completely secured against every threat.
Roberts concluded by quoting Dr. Martin Luther King Jr.: “We may have all come on different ships, but we're in the same boat now.”
We'll have further observations from Black Hat (and Def Con) throughout the week.
By the CyberWire staff
CISA yesterday warned that criminal campaigns are already in circulation to exploit news of last weekend's tragic killings in Texas and Ohio, urging that people be particularly wary of emails whose subject lines allude to either or both tragedies. CISA also says the scammers won't confine themselves to email: "Be wary of fraudulent social media pleas, calls, texts, donation websites, and door-to-door solicitations relating to these events."
The Wall Street Journal reports that President Trump responded to the Dayton and El Paso shootings by directing the Justice Department to work with state and local authorities, and with major social media platforms to identify individuals likely to commit mass killings before those individuals actually open fire.
Trend Micro finds that LokiBot has grown more persistent, and also added steganographic obscuration features.
The US Justice Department announced yesterday that it had indicted a Pakistani national, Muhammad Fahd, on charges of "conspiracy to commit wire fraud, conspiracy to violate the Travel Act and the Computer Fraud and Abuse Act, four counts of wire fraud, two counts of accessing a protected computer in furtherance of fraud, two counts of intentional damage to a protected computer, and four counts of violating the Travel Act." Fahd allegedly bribed workers at AT&T's facility in Bothell, Washington, to disable AT&T's proprietary locking software on customers' phones, which would enable the unlocked phones to be used on any compatible network. Since AT&T subsidized a substantial portion of the cost of phones for customers in service contracts with the company, unlocked phones are valuable commodities.
Today's issue includes events affecting China, India, Israel, Kazakhstan, Democratic People's Republic of Korea, Pakistan, United States, and Venezuela.
Bring your own context.
Can you smell security? Not literally (usually) but maybe in a metaphorical sense.
"So code smells are a well known phenomenon in software, but more from a software maintenance perspective.... And one example of that is the 'shotgun surgery' code smell. So for instance, if you want to make some changes and if you have to make a single change and you have to make a lot of little changes in a lot of different places, then effectively, you're doing a kind of shotgun surgery, which means that your code is not very well modularized....
"And recently, we and other researchers as well - particularly at North Carolina State University - have been looking into whether there's an equivalent of the code smell, but more like a security smell? And there are interesting findings that you can actually see by looking at the code in itself that there are symptoms of where there might be, for example, poor security practices. So I mentioned there is work that has gone on at North Carolina State University, and they have looked at, particularly, code scripts that are used to deploy various pieces of software. And there are particular smells that you see there in the sense of that there are admin privileges by default or hardcoded secrets, empty passwords and things like that."
—Awais Rashid, professor of cybersecurity at the University of Bristol, on the CyberWire Daily Podcast, 8.2.19.
So maybe sniff out some misconfigurations in your cloud services, your IoT devices, and so on.
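The three smells Rashid names (admin privileges by default, hardcoded secrets, empty passwords) are simple enough to look for mechanically. The script below is an added example written for this page; it is not code from the podcast, from the CyberWire, or from the North Carolina State research. It scans a constructed deployment script (the sample text, key names and values are all made up) for those three smells, and treats values that are only references to a secret (a variable expansion, a template placeholder, or a file path) as acceptable rather than hardcoded.

```python
"""Minimal security-smell scanner for deployment scripts and config files.

Added example. The detection rules are deliberately small and readable:
  - hardcoded-secret : a password/secret/token key assigned a literal value
  - empty-password   : a password/secret/token key assigned nothing
  - admin-by-default : a user/login key assigned root, admin or administrator
A value is treated as a *reference* (and not flagged) when it points
elsewhere: "$VAR", "${VAR}", "{{ template }}", or an absolute/home path.
"""
import re
from typing import List, NamedTuple


class Smell(NamedTuple):
    line_no: int
    kind: str
    line: str


# key=value or key: value, optionally preceded by a shell "export".
ASSIGN = re.compile(r'^\s*(?:export\s+)?([\w.-]+)\s*[:=]\s*(.*?)\s*$')
# Keys that name a secret. Anchored at the end so DB_PASSWORD_FILE (a path) is skipped.
SECRET_KEY = re.compile(r'(?i)(password|passwd|secret|token|api_?key)$')
# Keys that name the account something runs as.
ACCOUNT_KEY = re.compile(r'(?i)(user|username|login|run_as_user)$')
ADMIN_VALUES = {'root', 'admin', 'administrator'}


def _unquote(value: str) -> str:
    """Strip one layer of matching single or double quotes."""
    if len(value) >= 2 and value[0] == value[-1] and value[0] in ('"', "'"):
        return value[1:-1]
    return value


def _is_reference(value: str) -> bool:
    """True when the value points at a secret stored elsewhere."""
    return value.startswith(('$', '{{', '/', '~'))


def find_smells(text: str) -> List[Smell]:
    """Return every smell found in `text`, in line order."""
    smells: List[Smell] = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        if raw.lstrip().startswith('#'):      # whole-line comment
            continue
        match = ASSIGN.match(raw)
        if not match:
            continue
        key, value = match.group(1), _unquote(match.group(2))
        if SECRET_KEY.search(key):
            if value == '':
                smells.append(Smell(line_no, 'empty-password', raw.strip()))
            elif not _is_reference(value):
                smells.append(Smell(line_no, 'hardcoded-secret', raw.strip()))
        elif ACCOUNT_KEY.search(key) and value.lower() in ADMIN_VALUES:
            smells.append(Smell(line_no, 'admin-by-default', raw.strip()))
    return smells


# Constructed sample deployment script; nothing here is a real credential.
SAMPLE_SCRIPT = """\
# deploy.sh (constructed example)
export DB_USER=admin
export DB_PASSWORD=
export API_TOKEN="EXAMPLE-NOT-A-REAL-TOKEN-1234567890"
run_as_user=root
export DB_PASSWORD_FILE=/run/secrets/db_password
export API_KEY=${VAULT_API_KEY}
"""


def main() -> None:
    for smell in find_smells(SAMPLE_SCRIPT):
        print(f"line {smell.line_no}: {smell.kind:<17} {smell.line}")


if __name__ == '__main__':
    main()
```

Running it reports four smells on lines 2 to 5 of the sample and stays quiet about the last two lines, which hand the secret off to a file and a vault variable. The rules are regex heuristics, so a real deployment would extend the key lists to match its own naming conventions and review the hits by hand.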
What if your security strategy added zeros to your bottom line?
Focusing on response alone is costly. You lose data. You lose infrastructure. You lose human and capital resources that could be productive elsewhere. And you lose your reputation. When you catch threats before they execute, you contain the problem, and the rewards add up. Let Blackberry Cylance help you understand how you can reduce your total cost of security controls, bolster your organization’s security posture, and zero in on what really matters.
And check out Recorded Future's weekly podcast, produced in partnership with the CyberWire. In this episode, "The Inevitable Evolution of SIEMs," Monzy Merza of Splunk discusses SIEMs and how they’ll need to evolve to keep up with the changes happening in the industry and the world at large.
Courageous Women CISO Brunch with Synack and CyberWire at Black Hat (Las Vegas, Nevada, United States, August 7, 2019) Connect and Collaborate with Fellow CISO Security Leaders at Black Hat. As always, you can expect an intimate environment with delicious food, refreshing drinks, and great company. Join us Wednesday, August 7, 10:00 AM at Delano Las Vegas, Suite TBD.
Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 8, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.
Cyber Warrior Women Summer Social: Sip and Paint (Columbia, MD, United States, August 21, 2019) Join the Cybersecurity Association of Maryland, Inc. (CAMI) for the annual Cyber Warrior Women Summer Social, an all-about-fun-and-networking event! We're adding an artistic element to this year's event with a wine glass painting exercise. No previous art experience required.
Dateline Black Hat, BSides, and Def Con
Black Hat USA 2019 Cybersecurity Conference: Day 2 News (MSSP Alert) Black Hat USA 2019 conference news spans MSSPs, Arctic Wolf Networks, AT&T Cybersecurity, BlackBerry, CrowdStrike, DFLabs, Digital Guardian, enSilo, Jask, Ping Identity, Proficio, Qualys, Secureworks & more.
APT41 Is Not Your Usual Chinese Hacker Group (PCMAG) APT41 is 'highly agile and persistent,' FireEye says. In one instance, the group deployed over 150 unique pieces of malware in a year-long campaign against a single target.
Black Unicorn Awards – Winners (Cyber Defense Awards) Of the 100 accepted nominations, only 50 made the cut. Of those 50, 20 are notable mentions which we will continue to watch as they operate their businesses. Of those 50, 30 made the cut as finalists. Of these 30 finalists, 10 winners are currently being selected by Judges Robert Herjavec, David DeWalt and Gary Miliefsky, 3 industry experts.
Black Unicorn Report (Cyber Defense Magazine) Predictions of Cybersecurity companies with current and future potential to reach a $1B valuation
Mimecast Threat Intelligence Report: Black Hat Edition (Mimecast Threat Center) The Mimecast Threat Intelligence Report: Black Hat Edition capitalizes on research conducted by the Mimecast Threat Center alongside Mimecast engineers with the objective of enhancing our email and web security services.
Twitter ‘fesses up to more adtech leaks (TechCrunch) Twitter has disclosed more bugs related to how it uses personal data for ad targeting that means it may have shared users data with advertising partners even when a user had expressly told it not to. Back in May the social network disclosed a bug that in certain conditions resulted in an account’s …
El Paso and Dayton Tragedy-Related Scams and Malware Campaigns (CISA) In the wake of the recent shootings in El Paso, TX, and Dayton, OH, the Cybersecurity and Infrastructure Security Agency (CISA) advises users to watch out for possible malicious cyber activity seeking to capitalize on these tragic events. Users should exercise caution in handling emails related to the shootings, even if they appear to originate from trusted sources. Fraudulent emails often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from duplicitous charitable organizations are also common after tragic events.
Cylance Protect AV vulnerability patched (SC Magazine) Cylance has patched a vulnerability in the antivirus product that allowed attackers to bypass the system's machine learning algorithm and insert suspect code.
State of Threat Detection and Response (Fidelis Security) Key insights include: Confidence in security defenses has a ripple effect - Nearly half of respondents (49.02%) don’t have visibility of their entire cyber terrain and over half (55.03%) don’t have control over blind spots, which lowers their confidence in their organization’s ability to identify insider threats...
Cloud Security Alliance Report Lists Top 11 Threats (MeriTalk) The Cloud Security Alliance (CSA) released its Top Threats to Cloud Computing Report today. The report, which was created after surveying 241 cloud industry experts, highlights the top 11 threats facing cloud computing. The report noted that cloud security issues are “often the result of the shared, on-demand nature of cloud computing.”
Defense Intelligence Agency Secures Intel Analysis Solutions (SIGNAL Magazine) BAE Systems Technology Solutions & Services Inc., Rockville, Maryland (HHM402-19-D-0005); Bluehawk LLC,* West Palm Beach, Florida (HHM402-19-D-0008); Booz Allen Hamilton Inc., McLean, Virginia (HHM402-19-D-0007); CACI Inc. – Federal, Arlington, Virginia (HHM402-19-D-0015)...
AT&T Launches Public Bug Bounty Program on HackerOne (BleepingComputer) Today AT&T is announcing the launch of a new public bug bounty program on the HackerOne platform. This program will allow security researchers to report security bugs to AT&T in order to receive a monetary reward.
Netwrix to introduce its Data Classification platform (Netwrix) The solution, based on the technology acquired from Concept Searching in December, enables organizations to reduce the exposure of sensitive data, meet compliance requirements, and improve employee productivity.
GrayHair Achieves SOC 2 Compliance and HITRUST Controls Mapping (Yahoo) GrayHair Software, the trusted partner and provider of mail tracking and address hygiene services to the largest mailers and mail service providers in the country, today announces the successful completion of a Service Organization Control (SOC) 2® Type II Audit
ThreatConnect Launches Developer Partner Program (Yahoo) ThreatConnect Inc.®, provider of the industry’s only intelligence-driven security operations platform, is excited to announce the launch of its Developer Partner Program. ThreatConnect’s Developer Partner Program will provide third-party companies with the resources and support they need to develop,
Hacking with elite white hats (ASU Now: Access, Excellence, Impact) At the world’s largest hacking conference starting Thursday, some of the top hackers around will compete to earn the coveted black badge only the best earn. ASU is playing a leading role at DEF CON, where attendees include cybersecurity professionals, security researchers and federal officials. “It’s considered either the Olympics or the Super Bowl of hacking,” said ASU's Adam Doupé, associate director of the Center for Cybersecurity and Digital Forensics who will be helping to lead the competition efforts.
Leader of Conspiracy to Illegally Unlock Cell Phones for Profit Extradited from Hong Kong (US Department of Justice, Office of Public Affairs) A 34-year-old citizen of Pakistan, who is alleged to have paid insiders at telecommunications giant AT&T to plant malware and otherwise misuse computer networks to unlock cellphones, was charged in a 14-count federal indictment unsealed yesterday following his extradition from Hong Kong to the Western District of Washington.
Facebook sues two app developers for click injection ad fraud (TechCrunch) Facebook has filed lawsuits against two app developers accused of generating fraudulent revenue using the social media giant’s advertising platform. The company announced the legal action in a blog post Tuesday. “The developers made apps available on the Google Play store to infect thei…
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Virginia Cybersecurity Education Conference (Fairfax, Virginia, USA, August 13 - 14, 2019) The goal of the Virginia Cybersecurity Education Conference is to get attendees thinking about ways to engage students at all grade levels in hands-on, meaningful educational activities related to cybersecurity.
9th Annual Peak Cyber Symposium (Colorado Springs, Colorado, USA, September 3 - 5, 2019) The Information Systems Security Association (ISSA) - Colorado Springs Chapter will once again host the 9th Annual Peak Cyber Symposium. This year's theme is "Cyber Hygiene: Everyday for Everyone." The...
Security Leaders Summit New York Fall (New York, New York, USA, September 12, 2019) If there is anything that unifies CISOs, change is the one constant. For 2019, the focus is on the rapid evolution of the security industry, the rising tide of visibility on security organizations, and...
Fraud Force Summit (Portland, Oregon, USA, September 18 - 20, 2019) The Fraud Force Summit is iovation's annual conference bringing customers, prospective customers, partners and industry experts together to connect, collaborate and share. The landscape for fraud prevention...
Security Leaders Summit Boston (Boston, Massachusetts, USA, September 26, 2019) If there is anything that unifies CISOs, change is the one constant. For 2019, the focus is on the rapid evolution of the security industry, the rising tide of visibility on security organizations, and...
Security Leaders Summit Atlanta (Atlanta, Georgia, USA, October 17, 2019) If there is anything that unifies CISOs, change is the one constant. For 2019, the focus is on the rapid evolution of the security industry, the rising tide of visibility on security organizations, and...
National Security Leaders Symposium (Naples, Florida, USA, October 27 - 29, 2019) If there is anything that unifies CISOs, change is the one constant. For 2019, the focus is on the rapid evolution of the security industry, the rising tide of visibility on security organizations, and...
Sacramento Cybersecurity Conference (Sacramento, California, USA, August 8, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Wicked6 Cyber Games (Las Vegas, Nevada, USA, August 8, 2019) On August 8, 2019, six elite collegiate cyber teams go head-to-head in the thrilling environment of a Las Vegas esports arena. They’ll battle it out as they search for and defeat the foe, all while an...
Hack the Sea (Las Vegas, Nevada, USA, August 8 - 11, 2019) Hack The Sea is a three day mini-conference that will be held in the villages of DEF CON 27. Hack The Sea will provide a variety of hands-on, collaborative learning experiences ranging from mini-workshops...
DEF CON 27 (Las Vegas, Nevada, USA, August 8 - 11, 2019) DEF CON is a hacker convention which takes place immediately following Black Hat in Las Vegas every year.
Cybersecurity Summit, New York (New York, New York, USA, August 13 - 14, 2019) The Cybersecurity Summit, New York, invites information security practitioners to learn about the latest trends in data breaches and frauds, and about mitigation strategies. ISMG’s Global Summit focuses...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.