
More signal. Less noise.

What if your security solution could provide zero doubt?

A foundation of artificial intelligence delivers smart, simple, and secure solutions that change how organizations approach endpoint security. Cylance provides full-spectrum, predictive threat prevention and visibility across the enterprise to combat the everyday - as well as the most notorious and advanced - cyberattacks. Let Cylance help you understand how you can create real confidence in your organization’s security posture and zero in on what really matters.

Daily briefing.

Palo Alto Networks’ Unit 42 reports that the Vietnamese threat group OceanLotus (APT32) has deployed a new downloader, KerrDown. It’s typically distributed either through a malicious macro in a Microsoft Office document or by a RAR archive with some DLL side-loading.

Recorded Future believes it has a line on the individual responsible for Collection #1: a cybercriminal known by the nom-de-hack “C0rpz.” The one who calls himself “Clorox” is a poseur; the one who goes by “Sanix” is a reseller. ZDNet points out that C0rpz, Clorox, and Sanix are probably at most aggregators, not hackers, and that, while the data dumps serve as a reminder of the importance of sound digital hygiene, they’re not new, and not grounds for panic.

Huawei receives harsher scrutiny as a potential security risk in both Canada and the UK. In the UK, the Telegraph and the Times report recriminations over the Government’s alleged failure to take warnings of Huawei-enabled espionage seriously when it received them six years ago. It’s an open question whether the company’s early advantage in 5G technology that Bloomberg describes will enable it to ride out the international backlash over security.

If RT is any indication, Russia’s information campaign over Venezuela would seem to have begun. The outlet warns that US military intervention may be imminent and would be easy for the US to undertake. Interference in Venezuelan internal affairs would “grossly violate” international law.

KrebsOnSecurity reports that Europol will bring legal action against two-hundred-fifty users of the shuttered DDoS-for-hire Webstresser service.

Notes.

Today's edition of the CyberWire reports events affecting Australia, Belgium, Canada, China, European Union, Iran, Ireland, Israel, Russia, United Arab Emirates, United Kingdom, United States, Venezuela, and Vietnam.

The Round the Clock Third Party Advantage

Vendors, suppliers, and independent subsidiaries are gaining more access to your network and sensitive data because today’s business models include outsourcing of non-mission critical programs and tasks, which brings a new world of risk to your organization. In this webinar, LookingGlass Product Manager, Brandon Dobrec and Security Ledger Editor-in-Chief, Paul Roberts will discuss what you need to assess vendors in the modern cyber environment, providing you with the right map to assess your external risk.

In today's podcast, we talk with our partners at Palo Alto Networks' Unit 42, as Rick Howard discusses Australia’s controversial encryption legislation.

Cyber Job Fair, Feb 13, San Antonio (San Antonio, Texas, United States, February 13, 2019) Cleared and non-cleared cybersecurity pros, make your next career move at the Cyber Job Fair, February 13 in San Antonio. Meet leading cyber employers including AF Civilian Service, CNF Tech, Lockheed Martin, and more. Visit ClearedJobs.Net or CyberSecJobs.com for details.

Cyber Security Summits: February 13th in Atlanta and on April 2nd in Denver (Atlanta, Georgia, United States, February 13 - April 2, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, U.S. Secret Service, Darktrace and more. Passes are limited, secure yours today: www.CyberSummitUSA.com

Rapid Prototyping Event: The Needles in the Haystack (Columbia, Maryland, United States, February 26 - 28, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Prototyping Event in which we hope to find a solution that can not only 'map' the network in the traditional sense but provide inferences as to the most important servers, workstations or hardware devices. Once these assets are identified they could be isolated, replicated or studied closely via live forensics.

Global Cyber Innovation Summit (Baltimore, Maryland, United States, May 1 - 2, 2019) This unique, invitation-only forum brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber investment community to catalyze the industry into creating more effective cyber defenses. Request an invitation today.

Cyber Attacks, Threats, and Vulnerabilities

Iran APT Group Targets Foreign Embassies (Infosecurity Magazine) Kaspersky Lab claims group looks more like sysadmins than expert hackers

Security firm identifies hacker behind Collection 1 leak, as Collection 2-5 become public (ZDNet) Billions of users records continue to leak. Some data leaked years before, some of it is new.

Threat Actor Behind Collection #1 Data Breach Identified (Recorded Future) In this report, Insikt Group uncovers new information pertaining to the Collection #1 data breach collection, including details about its original creator.

The Age of Big Leaks (New York Times) A terabyte of data — 100 million pages or 1,000 hours of video — can be shared on a thumb drive. But stolen secrets come with complications.

Where do nation-states fit into the ecosystem? (SC Media) While official governments generally are smart enough not to directly employ attackers to carry out their missives, none of the researchers discovered

OceanLotus group uses new Kerrdown downloader to deliver payloads (SC Media) Researchers have discovered a previously unknown custom downloader that reputed Vietnamese APT group OceanLotus has been using since at least early 2018.

Tracking OceanLotus’ new Downloader, KerrDown (Unit42) OceanLotus (AKA APT32) is a threat actor group known to be one of the most sophisticated threat actors originating out of south east Asia. Multiple attack campaigns have been reported by number of security organizations in the last couple of years, documenting the tools and tactics used by the threat actor. While OceanLotus’ targets are global, their operations are mostly active within the APAC region which encompasses

Russia's propaganda machine discovers 2020 Dem contender Tulsi Gabbard (NBC News) Experts who track websites and social media linked to Russia have seen stirrings of a possible campaign of support for Hawaii Democrat Tulsi Gabbard.

Fake news on Twitter during the 2016 U.S. presidential election (Science) There was a proliferation of fake news during the 2016 election cycle. Grinberg et al. analyzed Twitter data by matching Twitter accounts to specific voters to determine who was exposed to fake news, who spread fake news, and how fake news interacted with factual news (see the Perspective by Ruths). Fake news accounted for nearly 6% of all news consumption, but it was heavily concentrated—only 1% of users were exposed to 80% of fake news, and 0.1% of users were responsible for sharing 80% of fake news. Interestingly, fake news was most concentrated among conservative voters.

UAE buys its way toward supremacy in Gulf cyberwar, using US and Israeli experts (Ars Technica) UAE hired ex-NSA employees to build a spying operation possibly targeting US citizens, others.

Revealed: Secretive UAE cybersecurity firm with a history of spying on dissidents is operating in Finland (Helsinki Times) Investigations have revealed that Dark Matter, a company with links to the UAE government that is known to conduct spying and intimidation campaigns against dissidents and journalists, has been operating in Finland for years.

New Malware Siphons Cryptocurrency Wallets and Credentials, Credit Cards (BleepingComputer) CookieMiner is a new malware strain capable of stealing and exfiltrating web browser cookies related to online wallet services and cryptocurrency exchange websites, as well as passwords, text messages, and credit card credentials.

Deloitte: Nation states, organized crime and angry employees threaten utility cybersecurity (Utility Dive) The electric utility sector faces growing threat of cyber attacks as technology and a more distributed grid increase access points, according to a new report.

Siri Shortcuts can be abused for extortion demands, malware propagation (ZDNet) If weaponized, Siri Shortcuts could be an effective tool for extortionists, malware and scareware groups.

Multiple malware versions via malspam emails (My Online Security) The start to another week with several different malspam emails arriving overnight to start off Monday Morning with a bang. They are all typical subjects & email content and all deliver various well…

Basecamp Fights Off Mass Login Attempt With Quick Cyber Response (Computer Business Review) Chicago-based web application developers Basecamp successfully mitigated a mass-login attempt on their network by attackers using...

Houzz Urges Password Resets After Data Breach (Threatpost) The decorating website said that account usernames, passwords and more have been compromised as part of a breach.

The parking system cyber attack: 2 cities, 2 stories (CBC) They are two cities of similar size, both victimized in the same cyber attack. But Ames, Iowa, a 26-hour drive from Saint John, had a much different experience after the attacker slipped malicious malware into its parking fine server.

Cybercriminals Aim for the Super Bowl Goal Posts (Threatpost) Scams, infrastructure attacks, data harvesting and attacks on streamers are all in the offing.

New Scam Holds YouTube Channels for Ransom (BleepingComputer) Scammers are abusing the YouTube policy violation system by filing fake copyright infringements against content creators until their channel is close to being suspended. These scammers then hold the channel ransom by telling YouTubers to send a payment or they will file another copyright infringement to have the channel suspended.

Sextortion Scam Stating Xvideos Was Hacked to Record You Through Webcam (BleepingComputer) A sextortion scam variant is going around that states the popular adult site called Xvideos.com was hacked to include malicious script that records a visitor through their webcam and sends it to the hacker. The scam emails also state that this script was able to connect back to the visitor's computer to steal their data and contacts.

Security Patches, Mitigations, and Software Updates

Kaspersky Lab identifies 7 vulnerabilities in industrial IoT platform (FutureIoT) Cybersecurity firm Kaspersky Lab experts have helped to identify and patch seven previously unknown vulnerabilities in the ThingsPro Suite, an

Cyber Trends

Wicked (dark web) wish list (SC Media) The dark web can be a fairly lawless place, but even the most hidden corners of the darknet are not immune to the laws of supply and demand.

Hacking Video Conferencing Platforms - The Next Big Thing? (Infosecurity Magazine) Has society realized the vulnerability dangers within video calling and conferencing technologies.

Location matters; with beverages and malware (Avira Blog) Since malware is like going out to a restaurant at times, you might have many of the same questions: Why is my waiter so slow (cryptominers), why the meal was horrible when it was perfect a week ago (HTML infections), and whether it is really important to change the oil in the car before heading out for a night on the town (CVE-2015-2426)?

CISOs: Change your mindset or lose your job (Help Net Security) Capgemini commissioned IDC to produce a new piece of research, which reveals the increasing pressure on the Chief Information Security Officer to drive

Email authentication use growing steadily in every industry sector (Help Net Security) U.S. federal government agencies and many major enterprises have made significant strides to thwart the spread of fake emails, a major cybersecurity

Cyber crime: Utah's tech success makes it a target (GOOD4UTAH) Utah is one of America's fastest growing states, one that is quickly becoming a major tech center. And largely because of that growth, Utah is a target.

Marketplace

Australian Cyber Security Centre to invest in new threat intelligence sharing platform (Computerworld) The Australian Cyber Security Centre has provisionally shortlisted half a dozen potential platforms that could make it easier to exchange threat intelligence with its partners.

Can the government make cyber cool for college grads? (Fifth Domain) “Recent college graduates think that they are changing the world doing their apps.”

Is cybersecurity more important than cost, schedule or performance? (Fifth Domain) With foreign hackers more active, government leaders must embrace cybersecurity as a fourth pillar of acquisition.

Huawei’s Clout Is So Strong It’s Helping Shape Global 5G Rules (Bloomberg) Edge in standards-setting boards can lead to edge in markets. Huawei says it works with other companies as standards are set.

Are The U.S., U.K. And E.U. About To Deal Death Blows To Huawei's 5G Ambitions? (Forbes) This year, Huawei’s future will be defined by the global tug-of-war between the commercial appeal of state-subsidized Chinese technology and U.S. political and economic influence. If there is no lessening of tensions, Huawei will not survive in its current form.

European telecoms’ dilemma: Huawei or fade away? (Arab News) PARIS: It’s a dilemma for European telecoms firms: Should they steal a march on competitors and rapidly roll out next-generation 5G mobile networks using equipment from top supplier Huawei? Or should they heed US-led warnings of security threats and sit tight, and possibly fall behind? Getting it right will have big consequences as 5G networks are the next milestone in the digital revolution, bringing near-instantaneous connectivity, vast data capacity and futuristic technologies.

UPDATE: Snopes quits and AP in talks over Facebook’s fact-checking partnership (TechCrunch) Two of Facebook's four fact-checking partners in the U.S. have left the program as of the beginning of this year: Snopes, which recently rebuffed reports that its relationship with Facebook was strained, and the Associated Press. Both confirmed they are leaving the program, but left the possibility…

Thales seeks to expand Cyberlab beyond Belgium (Jane's 360) Thales has secured a range of military customers for its ‘Cyberlab’ in Tubize, Belgium, and now plans to roll the concept out to its subsidiaries in other countries, the company has told Jane’s. The Belgian Cyberlab was established in 2017, with three major functions in mind,

Billion-dollar cybersecurity firm Darktrace is opening a base in Dublin (Fora.ie) The UK company is expanding its hefty global footprint with another office.

Netanya to New York: How to take Israeli hi-tech global (The Jerusalem Post) Sitting in his New York office on the corner of West 36th Street and Broadway, Sisense CEO Amir Orad has realized the dreams of thousands of budding Israeli hi-tech entrepreneurs.

Cybersecurity Vet Abdul Rahman Joins Fidelis as Chief Scientist (GovCon Wire) Abdul Rahman, a former Mantech (Nasdaq: MANT) vice president with more than 10 years of cyber defens

Products, Services, and Solutions

Coalfire Announces "CoalCast Podcast" on First Anniversary of Research and Development Team (PR Newswire) Coalfire, a provider of cybersecurity advisory and assessment services, today announced the launch of its new...

Extreme Networks Makes Securing Edge Devices Easy with Defender for IoT (Extreme Networks, Inc.) The Investor Relations website contains information about Extreme Networks, Inc.'s business for stockholders, potential investors, and financial analysts.

NAB takes aim at supply chain attacks (iTnews) By creating a new 'integrated security function'.

Technologies, Techniques, and Standards

Managing cyber risk in the electric power sector (Deloitte Insights) The power sector is one of the most frequently targeted and first to respond to cyber threats with mandatory controls. But threats continue to evolve, reaching into industrial control systems and supply chains, and requiring even greater efforts to manage risk.

ZTE establishes ITU-T project on network threat detection (Telecom Asia) The first ITU-T standard project in the field of unidentified threat detection and prevention

Here’s how DHS prepared to keep hackers out of the Super Bowl (CyberScoop) When the New England Patriots and Los Angeles Rams kick off in Atlanta on Sunday, a network of at least nine operational centers staffed by city, state, and federal officials will be humming with activity near the stadium to monitor for cyber and physical threats. About 60 employees from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) will be onsite — with a cyber official at each operational center — making it one of the biggest DHS cybersecurity operations at a Super Bowl to date.

Bratton on Verizon's $97M Ramp Up to Secure Super Bowl LIII (See Videos) (American Security Today) Tammy Waitt, American Security Today’s editorial director, caught up with Bill Bratton, former police commissioner of New York & Boston and former chief of LAPD, for an exclusive interview last week, to outline Verizon’s $97 million commitment to help secure the Big Game on Sunday. To comprehend the enormity of the project, Mr. Bratton explained that Verizon began …

Census adds bug bounty, 'red team' testing to 2020 cybersecurity arsenal (Federal News Network) The Census Bureau will join a growing number of agencies in offering a bug bounty program as it ramps up security preparations for the 2020 population count. 

Flavors Of Risk And A Better Definition Of Cyber (Forbes) Cyber is an overused prefix. Security has to align with the business better around risk, so let's use the term to mean activities around the most important form of risk: the one that requires real security skills to stop the malicious, Human intelligence threatening the connected world and us all

Cyber red teams find DOD systems tougher to crack (FCW) A Pentagon watchdog noted improvements in cyber capabilities but worried that adversaries are improving their attacks faster than defenders are shoring up their systems.

Cyber Soldiers talk about their mission and Army opportunities (DVIDS) Army cyber warriors often say one of the things they like about cyber as a career is that it offers the challenges and opportunities of engaging in cyberspace operations at a desk as well as in a tactical environment.

SWIFT says helping Bangladesh Bank rebuild network after cyber heist (BD News 24) International payments network SWIFT said on Saturday it had signed an agreement with Bangladesh’s central bank to help it rebuild its infrastructure after hackers used it to steal $81 million in 2016 in the world’s biggest cyber heist.

Design and Innovation

Google works on spotting dodgy 'evil domains' (BusinessGhana) Google is working on a way for Chrome to do a better job of spotting fake websites that seek to trick people into...

Research and Development

NIST shortlists submissions for post-quantum crypto competition (Daily Swig) Quest to find new quantum-resistant standards

DigiCert Labs to research postquantum cryptography & ML (Security Brief) The new research lab will collaborate with university researchers and industry leaders on ways to develop innovative approaches to security challenges.

Lockheed to develop cyber/EW podded system (Shephard Media) Lockheed Martin has received an $18 million contract to design, develop and test a cyber/EW podded system for the Air Large component of the US ...

Academia

UCA Cyber Range to Produce Needed Talent (Arkansas Business) The new cyber range at the University of Central Arkansas will complement the school's new bachelor's degree program and deliver to a fast-growing job field the talent it desperately needs to combat cybercrime.

Students put to test in cybersecurity competition (Journal Gazette) It was quiet in the halls of Ivy Tech's Coliseum Campus on Saturday as a series of collegiate teams focused on beating back a group of hackers bent on ...

Volunteer Staff Editor Opportunities at the Journal of Law and Cyber Warfare (Journal of Law & Cyber Warfare) The Journal of Law & Cyber Warfare is currently accepting applications from lawyers, law students, CISOs/cyber professionals, government executives, and students to serve as unpaid staff editors for a two-year term (shorter terms may be considered on a case by case basis). This is an excellent opportunity for students to be immersed in a critical area of the law, network with industry experts, and to hone their personal writing and editing skills. Email Business Editor John Kilgore at jkilgore@jlcw.org copying Editor-in-Chief Daniel Garrie at daniel@jlcw.org if you're interested.

Legislation, Policy, and Regulation

Huawei spying alert 6 years ago ‘wholly ignored’ (Times) Ministers were warned six years ago about the grave risks of Chinese infiltration of national infrastructure in a report citing Huawei’s involvement in UK telecoms. A leading security academic told...

Damning government report reveals Huawei 'failed to address security concerns' in the UK (The Telegraph) Huawei is set to face fresh pressure on its long-term role in the UK as an upcoming government report will find it has failed to address security concerns raised last year.

The plot to bring down Huawei and sever its 'deeply disturbing' ties to the UK (The Telegraph) Huawei employees in the UK are proud of their close links to some of this country’s most trusted institutions.

With security concerns and criminal charges – should Canada allow Huawei to operate in Canada? (Global News) As countries and institutions around the world are dropping Chinese tech giant Huawei from their contact lists, many are asking if Canada will do the same.

Wicker highlights national security risks of China’s efforts to dominate in 5G technology (Ripon Advance) U.S. Sen. Roger Wicker (R-MS), a senior member of the U.S. Senate Armed Services Committee, questioned national security experts about the risk of Chinese technology dominance in next-generation wireless communications at a Jan. 29 hearing on the growing threat of…

America’s cybersecurity in context, not panic mode (TheHill) We need to rack and stack priorities, risks, costs and benefits with rational thought, not just restating fears.

Four differences between the GDPR and the CCPA (Help Net Security) The CCPA is a strong step in the right direction for the U.S. However, it does not go as far as European Union’s GDPR, which went into effect May 25, 2018.

DHS Cyber Hunt Teams to Be Authorized by Reintroduced Bipartisan Bill (BleepingComputer) The bipartisan Department of Homeland Security (DHS) Cyber Hunt and Incident Response Teams Act which would require the DHS to authorize "cyber incident response" and "cyber hunt" teams was reintroduced on January 31.

Portman introduces cybersecurity bill (Bryan Times) Sen. Rob Portman is keeping cybersecurity as a legislative priority.

Analysis | The Cybersecurity 202: State officials want election security cash. But some don't like the strings attached. (Washington Post) House Democrats are pushing a slew of voting mandates in H.R. 1.

State rep. backs off bill to censor internet content (Albuquerque Journal) Measure aimed to require publishers to remove 'inaccurate ... excessive content' 30 days after request

Litigation, Investigation, and Law Enforcement

Facebook warned over privacy risks of merging messaging platforms (TechCrunch) Facebook’s lead data protection regulator in Europe has asked the company for an “urgent briefing” regarding plans to integrate the underlying infrastructure of its three social messaging platforms. In a statement posted to its website late last week the Irish Data Protection Comm…

Duke Energy Broke Rules Designed to Keep Electric Grid Safe (Wall Street Journal) Duke Energy faces a record $10 million fine from federal authorities for serious and pervasive violations of rules designed to keep the nation’s electric system safe from physical and cyber attacks, according to a filing.

Fed backs Bangladesh as cyber-heist lawsuit kicks off (Reuters) The Federal Reserve will lend a hand to Bangladesh's central bank as it sue...

ICO Fines Brexit Campaign and Key Backer (Infosecurity Magazine) Leave.EU and Eldon Insurance broke data protection laws

Digital exchange loses $137 million as founder takes passwords to the grave (Ars Technica) QuadrigaCX survivors try to hack encrypted laptop in hopes of accessing cold wallet.

Bitcoin dealer seeks credit protection; dead owner had sole access to $250M (Times Colonist) Canada’s largest cryptocurrency exchange, QuadrigaCX, has filed for credit protection in Nova Scotia, just the latest in a series of bizarre turns for the Vancouver-based Bitcoin dealer…

250 Webstresser Users to Face Legal Action (KrebsOnSecurity) More than 250 customers of a popular and powerful online attack-for-hire service that was dismantled by authorities in 2018 are expected to face legal action for the damage they caused, according to Europol, the European Union’s law enforcement agency.

QuadrigaCX Chain Analysis Report (Pt. 1): Bitcoin Wallets (Medium) This report provides an in-depth analysis of QuadrigaCX’s Bitcoin holdings.

Why we should all be worried about Britain's facial recognition experiment (The Telegraph) As you read this, police are preparing to record people walking down the high street in Romford, East London with cameras capable of mapping their faces with millimetric precision.

Microsoft President says it's “cruel” to not give governments facial recognition tech (Neowin) Microsoft President, Brad Smith, has spoken out against activists who asked Microsoft not to sell facial recognition technologies to governments. He responded saying they should, but cautiously.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

CPX Americas 360 2019 (Las Vegas, Nevada, USA, February 4 - 6, 2019) CPX 360 promises to be the premier cyber security summit. CPX 360 is where you’ll receive up-to-the-minute intelligence about global threats and other vital topics from the world’s leading cyber security...

QuBit Conference Belgrade 2019 (Belgrade, Romania, February 7, 2019) QuBit is a Cybersecurity Community Event connecting the East and West. We create a unique way to meet the best and the brightest minds in the information security fields across multiple industries, and...

NITSIG Meeting: Insider Threat Detection & Mitigation Using External Data Sources (Laurel, Maryland, USA, February 12, 2019) Gathering and analyzing Internal data sources is very important for Insider Threat Detection. Equally important is knowing what External data sources are also available to create the "Big Picture" of potential...

National Security Technology Forum and Exposition (NSTFX) (San Diego, California, USA, February 12, 2019) AFCEA International and the University of California, San Diego are proud to host a new and innovative event entitled “The National Security Technology Forum and Exposition (NSTFX)”. NSTFX will bring...

3rd Next Generation Cyber Security for Utilities (Denver, Colorado, USA, February 13 - 14, 2019) With the value of damages caused by cyber-attacks growing rapidly every year, adopting a new and comprehensive approach to cyber security for utilities is more important than ever. Among essential facilities...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.