skip navigation

More signal. Less noise.

FedRAMP is rapidly changing—learn how!

The federal market is ripe with opportunity for SaaS, IaaS, and PaaS providers. More federal agencies are tapping into the cloud, and it’s getting faster and cheaper to achieve FedRAMP authorization. Download Coalfire’s 2019 FedRAMP Securealities report to learn how to take advantage of the rapidly expanding federal market.

The Week that Was.

The CyberWire's 6th annual Women in Cybersecurity Reception is pratically around the corner.

Around the corner at the International Spy Museum's new facility at L'Enfant Plaza in Washington, DC, that is. Our 6th Annual Women in Cybersecurity Reception takes place October 24.  The Women in Cyber Security Reception highlights and celebrates the value and successes of women in the cybersecurity industry. The event focuses on networking, and it brings together leaders from the private sector, academia and government from across the region, and women at varying points in their careers. It's not a marketing event; it's just about creating connections. If you're interested in getting an invitation to this year's event, tell us a little bit about yourself and request one here. A very limited number of sponsorship opportunities remain, so please let us know if you're interested.

Coordinated inauthenticity versus Hong Kong.

Twitter identified and suspended nine-hundred-thirty-six accounts it determined to be engaging in coordinated activity aimed at discrediting the ongoing protests in Hong Kong. China blocks Twitter, so the accounts either used VPNs or specially unblocked IP addresses on the mainland. Crediting Twitter with having tipped it off, Facebook followed suit, and terminated seven pages, three groups, and five accounts engaged in the same campaign of coordinated inauthenticity designed to mislead and misdirect protesters in Hong Kong. Facebook is also blocked in China. As the Wall Street Journal noted, the fact that many of the social media accounts involved were operating unblocked from the mainland strongly suggests they were operating on behalf of the Chinese government.

Twitter also changed its advertising policy in a gesture toward cracking down on government-run influence campaigns. Henceforth the company will no longer sell advertising to state-sponsored media. Those media will continue to be able to tweet, just not buy ads. It seems likely that state control will grow increasingly covert and deniable.

On Thursday Google joined Facebook and Twitter, blogging that it had closed two-hundred-ten YouTube accounts it found spreading coordinated disinformation about the ongoing protests in Hong Kong. Google didn’t explicitly attribute the activity to the Chinese government, but it did say the activity was similar to campaigns the other social media flagged. Google found the use of VPNs a particular sign of inauthenticity.

Is your cybersecurity program aligned with your business goals and objectives?

Cybersecurity is a business risk, not an IT problem, and a critical part of business strategy. Security should not be an afterthought. Taking a proactive approach facilitates board-level cyber initiative buy in, supports traction across business units, establishes management alignment for key priorities, and manages data complexity. Let Edwards Performance Solutions better structure and position your cybersecurity program – making it a business asset for continued success.

China's government defends the right to freedom of speech.

No, really. Of its own speech, anyway. China's government protested Twitter's and Facebook's action against the accounts they suspended. The victims here weren't the organs of the Chinese government, Beijing claimed, but rather expatriate Chinese, many of them students, who were expressing their patriotic outrage over the discreditable misbehavior of people in Hong Kong. China's government said, Reuters reports, that it also had a "right to tell its story."

With a moxie that commands a certain reluctant admiration (if not approval) Chinese authorities are said, by the Washington Post, to have pointed out the fact that both Twitter and Facebook are blocked in China as evidence that the accounts belonged to patriotic expatriates. So just who do Messrs. Zuckerberg and Dorsey think they are, interfering with freedom of speech like that? That's one way of looking at it.

Pyongyang's latest phishing trip.

Researchers at Anomali report finding an active North Korean cyber espionage campaign directed against universities, think tanks, and foreign ministries in several countries. The infection method is phishing, with the malicious payload taking victims to fake websites. In some instances the bogus sites masqueraded as login pages for government diplomatic portals. The threat group is thought to be connected to Pyongyang's missile program.

Conduct secure and anonymous research on the open and dark web.

If you are doing online research, the common web browser can betray you by exposing you and your organization to cyber attacks. Authentic8, the maker of Silo Cloud Browser and Silo Research Toolbox, ends this betrayal. Silo insulates and isolates all web data and code execution from user endpoints, providing powerful, proactive security even if you are gathering data and collections across the deep and dark web. Learn more.

Cyberespionage comes to healthcare.

FireEye describes ongoing cyber espionage directed against the healthcare sector. The researchers associate the campaign with the Chinese government. It seems to have two goals. First, the operators are interested in simply acquiring large quantities of personal information, a goal many such campaigns have. Second, the campaign appears to be particularly interested in cancer research.

The Silence gang is newly active.

Group-IB has a follow-up report on Silence, the Russian-speaking criminal gang they've tracked for the last three years. Initially marked by slovenly opsec and a target set largely confined to Russia, Silence has upgraded its security game and expanded internationally. Their expansion and improvement seem opportunistic and derivative, repurposing code and perhaps personnel from other gangs, notably TA505. Their customary infection technique is phishing, beginning with a reconnaissance phase that sends bogus email delivery failure notices.

Is your company passionate about empowering women to succeed in the cyber security industry?

The CyberWire’s 6th Annual Women in Cyber Security reception is a networking event that highlights and celebrates the value and successes of women in the cyber security industry. Leaders from the private sector, academia, and government from across the region and at varying points on the career spectrum can connect with each other to strengthen relationships while building new ones. Consider sponsoring the event. Limited sponsorships are available. Visit our website to learn more.

Regulatory risk and its effect on service offerings.

A Reuters exclusive says that Google terminated a service it had offered mobile carriers as a means of testing their network coverage. The company's Mobile Network Insights service had since 2017 offered carriers data collected from Android users who opted in to sharing location and performance data. Although the program was organized on a transparent, opt-in basis, and the data it collected both anonymized and aggregated, Google apparently decided that Mobile Networks Insights exposed the company to more regulatory risk than it was prepared to accept. 

Have Your Users Made You an Easy Target for Spear Phishing?

Many of your organization’s email addresses and identities are exposed on the internet, and are easy for cybercriminals to find. With email’s enormous attack surface, cybercriminals are able to launch potentially devastating social engineering, spear phishing and ransomware attacks on your organization. Try KnowBe4’s Email Exposure Check Pro for free today, and see how you can identify the at-risk users in your organization by crawling business social media information and hundreds of breach databases.

Patch news.

Valve has patched the Steam flaws spurned bug hunter Vasily Kravets discovered. The company told Ars Technica that it recognizes its handling of the disclosures was a mistake. It's adjusting its policies accordingly.

Crime and punishment.

The SBU, Ukraine's security service, has found and confiscated cryptomining gear installed at a South Ukrainian nuclear power plant, SE NAEK Energoatom. The SBU also raided offices of the National Guard unit 3044, which is located at the nuclear facility. Cointelegraph, which covered the raids, noted the similarities to the case of the nuclear engineers Russian authorities arrested in February of 2018 for pulling Bitcoin out of the Russian Federal Nuclear Center. The nuclear power and research sector deploys a lot of computational power, and supercomputers attract cryptojackers. An unknown number of people are under police investigation. The Ukrainian English-language news service Uniam observed that one of the problems at the power plant was that the computers exploited were connected to the Internet.

Courts and torts.

Facebook agreed Friday to release, as requested by the Attorney General of the District of Columbia, records of internal company discussions of data-scraping. Facebook stands by its earlier testimony that it was unaware of data sales by Alexander Kogan to Cambridge Analytica.

Crown Sterling is suing Informa subsidiary UBM over the poor reception its presentation received at Black Hat: the boobirds were out in force. Ars Technica has a summary.

A number of states are said to be preparing a joint antitrust inquiry of their own into Big Tech. The number of states joining the action is thought to be as many as twenty, the Wall Street Journal reports. This inquiry is independent of the Federal probe the US Department of Justice announced last month. The Verge reports that Justice is assisting the state attorneys general who have decided to investigate Big Tech.

Thales has looked at the California Consumer Privacy Act (CCPA) and has advice for organizations concerned with its probable effects. Bear in mind that the CCPA focuses on the sale or disclosure of personal information. They start by drawing attention to the complex and expansive definition of personal information set forth in the act: "information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household" ("household" is the source of much complexity). Examples of personal information include "commercial information ('records of personal property, products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies'), Internet or other electronic network activity information (such as browsing and search histories), education information and audio, electronic, visual, thermal, olfactory, or similar information." Thus it seems to cover, explicitly, three of the five traditional sensory modalities, and the missing two--tactile and gustatory--are probably there by implication: "similar information." Excluded is publicly available information, defined as any information duly and legally placed before the public by Federal, state, or local authorities.

The Act codifies certain specific rights for Californians. They have the right to know what personal information is being collected on them, and whether that information is being sold or disclosed, and to whom. They have the right to access their personal information. They have a right to say "no" to sale of their information. Finally, they have the right to equal service and price, even if they exercise their other rights specified in the Act. The entities covered by the CCPA form a relatively narrow class: for-profits doing business in California that collect and process personal Information of California residents. A physical presence in the state is not required, but the for-profits covered by the Act must have an annual gross revenue of more than $25 million. The must buy, sell, receive or share for commercial purposes the personal information of at least 50,000 Californians. And, finally, they must derive at least fifty percent of their annual revenue by selling Californians' personal information.

A court case in California also seems likely to have wide-reaching effects on tech companies' interactions with the public. It's early to know exactly what impact the decision will have, but the California Supreme Court has decided that a plaintiff need not have entered into an agreement with an online service provider to have standing to sue for discrimination, Gizmodo reports. The case involved online payment processor Square's prohibited goods and services policies: they ruled out the use of the service by "bankruptcy attorneys or collection agencies." A bankruptcy attorney claimed this constituted discrimination, even though he hadn't done business with Square, and the California Supreme Court, without passing on the merits of the attorney's case, unanimously found that he had standing to sue. The opinion held that in general, visiting a website with intent to use services offered there is equivalent to walking into a brick-and-mortar store. An amicus brief the Impact Fund filed suggests that advocates are likely to push for as expansive a reading of the Unruh Civil Rights Act as practicable.

Policies, procurements, and agency equities.

The US Commerce Department added forty-six Huawei partners and subsidiaries to the entity list, but it also extended the ban on trading with the proscribed entities for three months, the Washington Post reports. The simultaneous carrot-and-stick were accompanied by very harsh Presidential remarks directed at Huawei, which President Trump unambiguously characterized over the weekend as a "national security threat."

Removing proscribed tech products from US Government networks is not as easy as saying "make it so." As Forbes points out, a Forescout inventory found some two-thousand-and-change Dahua and Hikvision cameras keeping an eye on US Government property. And they also found about thirteen-hundred Huawei and two-hundred ZTE devices.

Twelve large telcos and the attorneys general of all fifty US states and the District of Columbia have agreed to give consumers some relief from robo-calls. The Wall Street Journal reports that AT&T, Verizon, T-Mobile, Sprint, and CenturyLink are among the companies that have committed to working with the AGs to, quote, "provide customers with free call-blocking technology, investigate and trace illegal calls and confirm the identity of their commercial customers as part of cooperation with law enforcement" end quote. Many robo-calls aren't illegal, per se, but an awful lot of them run afoul of fraud and consumer protection laws.

The Cyberspace Solarium, as explained by commissioners Senator Angus King and Representative Mike Gallagher in a Lawfare post, aims to do for multidomain conflict what the original Solarium did for the nuclear age. They're addressing not only strategy, but roles, missions, and international norms. Another commissioner, Susanne Spaulding, told Executive Gov that the Cyberspace Solarium expects to release recommendations in early 2020. Until then, the commission is soliciting input from interested and informed parties. They invite comments, suggestions, and observations, which you can share them by emailing 

Fortunes of commerce.

ZDNet reports that the Midwestern supermarket chain Hy-Vee is warning its customers to keep an eye on their bank accounts after the company discovered unauthorized activity on some of its point-of-sale systems. The activity affected some of Hy-Vee’s fuel pumps, drive-thru coffee shops, and restaurants. The company didn’t specify which locations were involved, but says the activity has been stopped. Hy-Vee doesn’t believe its grocery stores, drugstores, or convenience stores were impacted. The company notes that its investigation has just begun, and more information will be forthcoming as it becomes available.

Labor markets.

Panelists at AFCEA TechNet Augusta sounded an increasingly familiar call to look for cybersecurity talent among people who might tend to escape the attention of recruiters and hiring managers. In SIGNAL's account of the session, Air Commodore Elanor Boekholt-O’Sullivan (Royal Netherlands Air Force, who leads that country's Defence Cyber Command) would make a place for introverts and people on the autism spectrum. The Bundeswehr's Oberst Peter Hillermann likes middle-aged career changers. And the Israeli Defense Forces' Major Lior Lebed doesn't care about experience or credentials: he wants fast learners.

Mergers and acquisitions.

In its third acquisition over the course of a year, Converged Security Solutions is acquiring Maverick Cyber-Defense.

In a bid to increase its penetration of the e-commerce market, PerimeterX will acquire client-side protection shop PageSeal. PerimeterX maintains offices in San Mateo, California, Tel Aviv, Miami, and London.

CyberRisk Alliance, the business intelligence firm that recently also became the corporate parent of SC Media, has made another acquisition, picking up the Cybersecurity Collaborative. Founded in 2015, Cybersecurity Collaborative is described by CyberRisk Alliance as "a private, member-only peer council in the US that facilitates collaboration among the senior most security leaders of large corporations, government agencies and municipalities, healthcare institutions, academia and non-profit organisations."

Splunk has announced its intention to acquire the cloud-monitoring shop SignalFx. The acquisition puts SignalFx over the unicorn line: the Silicon Valley Business Journal reports that Splunk is paying $1.08 billion for the start-up. You may be familiar with SignalFx under its earlier name, GitStar.

VMware is acquiring San Francisco-based application security startup Intrinsic. CNBC calls the buy part of VMware's push into cloud markets: Intrinsic's software works with Amazon's and Microsoft's public cloud services. And that's not VMware's biggest acquisition of the week, either: the company has also bought publicly traded Carbon Black, which specializes in securing cloud-native workflows, for $2.1 billion. But wait, there's more: on Thursday VMware finalized its purchase of Pivotal Software, too, at a valuation of approximately $2.7 billion. Like Carbon Black, Pivotal was also publicly traded. The two acquisitions are seen as complementary. TechCrunch notes that both the acquired companies focus on modern workloads. Pivotal delivers "modern applications" with support for Kubernetes, and Carbon Black makes security features for "modern applications and infrastructures." SiliconAngle observes that Carbon Black and Pivotal represent the thirteenth and fourteenth companies VMware has picked up over the past twenty months.

Investments and exits.

Remediant has secured $15 million in Series A funding. Dell Technologies and ForgePoint Capital led the investment round. The company says it intends to use the funds to expand "marketing and field operations, product engineering, channel and customer success programs."

Colorado-based Ping Identity this week filed for a $100 million IPO. The company will trade on the Nasdaq under the ticker symbol PING.

Cloudflare, the company that provides security and performance solutions for cloud, hybrid, SaaS, and on-premise enterprises, filed for an IPO last Wednesday. They'll trade on the New York Stock Exchange, Business Insider says, using the ticker symbol "NET." TechCrunch notes a graceful gesture Cloudflare made at the time of their filing: the company made a point of thanking their third co-founder, Lee Holloway, who had to step away from the company in 2015 when diagnosed with frontotemporal dementia. We join Cloudflare in wishing him honor.

And security innovation.

Baltimore-based AKUA has been selected for Silicon Valley's Plug-and-Play program, an initiative that, as Baltimore explains, connects innovative start-ups with large potential customers. AKUA specializes in supply-chain security and management.


Today's issue includes events affecting China, European Union, Germany, Israel, Democratic Peoples Republic of Korea, Netherlands, Russia, Ukraine, United Kingdom, United States.

Research Saturday is up. In this episode, "Gift card bots evolve and adapt," we hear from researchers at Distil Networks who've been tracking online bots targeting ecommerce gift card systems of major online retailers. The threat actors show remarkable resourcefulness and adaptability. Jonathan Butler is technical account team manager at Distil Networks, part of Imperva, and he joins us to share their findings.

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.