December 6, 2019.
By the CyberWire staff
The US Justice Department indicted two Russian citizens, Maksim Yakubets and Igor Turashev, for developing, operating, and distributing the Dridex banking Trojan. Yakubets was named as the leader of a criminal group known as "Evil Corp," which is said to have used Dridex to steal upwards of $100 million from victims around the world. The charges are the result of a joint investigation by the UK's National Crime Authority, GCHQ's NCSC, and the US FBI. The US Treasury Department also announced sanctions against nine members of Evil Corp, six entities linked to the group, and eight individuals who served as “financial facilitators” for the cybercriminals. The State Department is offering a $5 million reward for information leading to Yakubets's arrest, the highest reward ever offered for a cybercriminal.
CISA released an alert with technical details on Dridex and recommendations for organizations to protect themselves. The financial sector in particular is heavily targeted by the malware.
Facebook filed a lawsuit yesterday against a Chinese advertising company that allegedly violated the social media platform's ad policies over the course of three years, Mashable reports. Facebook says the company utilized malware to compromise Facebook users' accounts and then used these accounts to host ads for counterfeit products.
Researchers at the University of New Mexico have discovered a flaw in Unix-based systems that could allow an attacker on the local network to inject packets into an adjacent user's encrypted VPN connection, the Register reports. The vulnerability affects Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android.
Today's issue includes events affecting Australia, China, Denmark, India, Israel, Netherlands, Russia, Ukraine, United Kingdom, United States.
Bring your own context.
Innovation can also be attended by risk.
"Attackers understand that [it's easy to forget that tools have a connection to the outside world]. So they understand how prevalent these type of new communication technologies are. They understand that when there is sort of a newness in the industry, that it presents a potential opportunity for attackers to leverage. And, you know, as soon as something like these type of communication platforms exist, attackers are going to be, you know, standing at the gates, trying to figure out ways that they could leverage them into providing sort of outbound or some sort of infection that they can leverage internally and kind of pivot around your digital environment with. And that's very interesting. So it's kind of always a race whenever these get in - you know, these type of technologies get deployed to make sure that those logs and the data that you're using them for internally also get captured and filtered back to a security team in an easy-to-evaluate way to look for suspicious and malicious events."
—Michael Sechrist of Booz Allen Hamilton, on the CyberWire Daily Podcast, 12.4.19.
Attackers can find opportunity in novelty.
Ransomware Writes Drama at Shakespeare Theatre (BleepingComputer) A ransomware attack over the weekend has taken down the ticketing system and patron database for the New Jersey Shakespeare Theatre and has also affected at least one other organization in the Madison area.
Malicious Activity Aligning with Gamaredon TTPs Targets Ukraine (Anomali) Overview: The Anomali Threat Research (ATR) team has identified malicious activity that we believe is being conducted by the Russia-sponsored Advanced Persistent Threat (APT) group Gamaredon (Primitive Bear). Some of the documents have been discussed by other researchers. This Gamaredon campaign appears to have begun in mid-October 2019 and is ongoing as of November 25, 2019. Based on lure documents observed by ATR, we believe that at least the following Ukrainian entities and individuals may
Dridex Malware (CISA) This Alert is the result of recent collaboration between the Department of the Treasury Financial Sector Cyber Information Group (CIG) and the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) to identify and share information with the financial services sector. Treasury and the Cybersecurity and Infrastructure Security Agency (CISA) are providing this report to inform the sector about the Dridex malware and variants.
Weidmueller Industrial Ethernet Switches (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 9.8. ATTENTION: Exploitable remotely/low skill level to exploit. Equipment: Industrial Ethernet Switches. Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Uncontrolled Resource Consumption, Missing Encryption of Sensitive Data, Unprotected Storage of Credentials, and Predictable from Observable State.
Thales DIS SafeNet Sentinel LDK License Manager Runtime (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 7.3. ATTENTION: Low skill level to exploit. Vendor: Thales DIS. Equipment: SafeNet Sentinel LDK License Manager Runtime. Vulnerability: Link Following. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow a local attacker to escalate privileges.
Hackers have a shocking new tactic to scam you with fake products (Komando.com) If a hacker knows your interests and demographic information, it becomes much easier to target you with scams across the board. And that's just what happened recently when hackers pilfered data from a specific audience of internet users. Unlike previous campaigns, this one targets a vulnerable population with ruthless efficiency. Is this a new low for data theft? If not, it's definitely a close call.
Consumer Concern About Holiday Fraud Comes True (TransUnion) iovation, a TransUnion company, today released new findings around online retail trends during the start of the 2019 global holiday shopping season. The research shows a 29% increase in suspected online retail fraud during the start of the 2019 holiday shopping season compared to the same period in 2018, and a 60% increase in suspected e-commerc...
Apple Explains Mysterious iPhone 11 Location Requests (KrebsOnSecurity) KrebsOnSecurity ran a story this week that puzzled over Apple’s response to inquiries about a potential privacy leak in its new iPhone 11 line, in which the devices appear to intermittently seek the user’s location even when all applications and system services are individually set never to request this data.
Kaspersky partners with jewellery designer on biometrics (Planet Biometrics News) Kaspersky has teamed up with a 3D accessory designer from Stockholm and together they have created a showstopping piece of jewellery at the intersection of technology and art – a unique ring that serves as an extension of a person’s digital identity, designed to keep users’ unique biometric data safe.
LandMark White rebrands as Acumentis (Business News Australia) Following a disastrous 2019 during which LandMark White (ASX: LMW) was hit with not one but two data breaches, the property valuer has decided to rebrand.
How Palo Alto Networks SASE model changing the security infrastructure of companies (Elets CIO) In an interview with Anupama Mehra of Elets News Network (ENN), Anil Bhasin, Regional Vice President – India & SAARC, Palo Alto Networks, shares how SASE model is addressing the limitations of traditional architectures by converging networking and security in the cloud. Palo Alto Networks leaped aboard with the launch of its Secure Access Service […]
Closing the Gap Between Physical and Cyber Security (TechNative) Enterprises across the world are continuing to embrace digital services with the aim of becoming digitally adept. But, as these changes take place, security threats become increasingly prevalent. Companies need to be prepared for an attack – be it physical or digital – because in most cases, it isn’t if, but when, it will happen.
Cybersecurity 101: 5 lessons for businesses (The Hack Post) Did you know that only one cyber attack can cost your business up to $3 million? Lack of knowledge and resources is the number one reason behind an increasing number of cyberattacks on businesses. Their number has grown four-fold in the previous year. While fully providing your website with sophisticated protection admittedly isn’t cheap, a …
EU's Progress On 5G Cybersecurity Plan Garners US Praise (Law360) The U.S. Department of State has commended the European Union for moving forward with a 5G cybersecurity initiative that nodded to steps the department has taken to bar Chinese telecom giants Huawei and ZTE from equipping U.S. networks.
DHS backtracks on expanding airport face scans to US citizens (TechCrunch) Homeland Security has confirmed it will not expand face recognition scans to U.S. citizens arriving and departing the country, days after it emerged the agency proposed making the scans for citizens mandatory. The department, whose responsibility is border protection and immigration checks, said in…
PRIMER: China’s cryptography law (International Financial Law Review) IFLR’s latest primer looks at China’s new law targeting blockchain development, how it relates to the country’s national digital currency, and the impact on the fintech community.
Encryption is under attack. Here’s why that matters (The European Sting) This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum. Author: Adrien Ogée, Project Lead, Cyber Resilience, World Economic Forum & Marco…
Litigation, Investigation, and Law Enforcement
International law enforcement operation exposes the world’s most harmful cyber crime group (National Crime Agency) A Russian national who runs Evil Corp – the world’s most harmful cyber crime group that created and deployed malware causing financial losses totalling hundreds of millions of pounds in the UK alone – has been indicted in the United States following unprecedented collaboration between the NCA, the FBI and the National Cyber Security Centre.
2 Russians charged in 'Evil Corp' global cybertheft ring (Star Tribune) The Justice Department unsealed charges Thursday against the alleged leader and a top associate of a Russian cybercriminal gang that U.S. and British officials say developed and distributed malware used to steal at least $100 million from banks and other financial institutions in more than 40 countries over the past decade.
FBI didn't tell U.S. targets as Russian hackers hunted emails (Valliant News) The FBI failed to notify scores of U.S. officials that Russian hackers were trying to break into their personal Gmail accounts despite having evidence for at least a year that the targets were in the Kremlin’s crosshairs, The Associated Press has found.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
International Cyber Risk Management Conference (Bermuda, December 4 - 6, 2019) The International Cyber Risk Management Conference (ICRMC) provides delegates with an essential forum to learn from experts, network and share experiences with peers and colleagues, and get the answers...
CyberMaryland 2019 (Baltimore, Maryland, USA, December 5 - 6, 2019) The CyberMaryland Conference includes thought leaders from Maryland’s Cyber Security sector and also features nationally recognized speakers and panelists on cyber and technology innovations. Sessions...
Anaheim Cybersecurity Conference (Anaheim, California, USA, December 11, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Cincinnati Cybersecurity Conference (Cincinnati, Ohio, USA, December 12, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
CPX 360 Bangkok (Bangkok, Thailand, January 14 - 16, 2020) Mark your calendar now for CPX 360 2020, the world’s premiere cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...