February 19, 2019.
By the CyberWire staff
Australian Prime Minister Morrison said yesterday that three political parties (Liberal, Labor, and National) have been targeted by "sophisticated foreign actors". The attempts came to light during investigation of attempts on Parliament's systems. Chinese intelligence services are the leading suspect, according to the Sydney Morning Herald. The Guardian reports that China's Foreign Ministry denies any involvement, saying reports of Chinese attacks are both "baseless" and "irresponsible."
Details on how the attacks were carried out remain sparse. They are said to have used (at some stage) a novel form of malware with China's "digital fingerprints," but it's possible that this could be misdirection by some other state's intelligence services. The Register says the operations could have been the work of China, Russia, Israel, or the United States, but that's a cautious statement of a priori possibility based on conjectured national capabilities. (And where, by the way, are France and the United Kingdom on that list?) Official suspicion rests on China.
Avast reports a new malware family, "Rietspoof," spreading through instant messages.
Reports in the Telegraph and elsewhere suggest that a report on Huawei's security issues and the company's suitability for participation in 5G networks from the UK's National Cyber Security Centre will be very far from the harsh condemnation that had been widely suspected. The NCSC is believed to have concluded that the risks Huawei poses are manageable, and that GCHQ sees its way clear to mitigating them.
Facebook receives harsh criticism in the UK over data use and content management practices.
Today's issue includes events affecting Australia, Canada, China, Czech Republic, European Union, Iran, India, Israel, Malta, New Zealand, Pakistan, United Arab Emirates, United Kingdom, United States.
ON THE PODCAST
In today's podcast, out later this afternoon, we speak with our partners at the Johns Hopkins University's Information Security Institute, as Joe Carrigan talks about the implications of Apple's requirement that developers use two-factor authentication. Our guest is Igal Gofman from XM Cyber on how email can be used to compromise a network.
Experience Deep Learning for Network Threat Protection at RSA 2019 (San Francisco, California, United States, March 4 - 8, 2019) Signatures and sandboxes can’t keep up with automated attacks. Visit Blue Hexagon booth N4204 and hear how we’re harnessing deep learning to stop known and unknown network threats in less than a second. Pick up a free copy of the book “How To Measure Anything in Cybersecurity Risk.”
Register for the RSA Conference 2019 today! (San Francisco, California, United States, March 4 - 8, 2019) Be part of an empowered global community at RSA Conference 2019, March 4 – 8 in San Francisco. With the latest cybersecurity solutions, countless experts and more, it’s easy to see why RSAC is infosec’s leading event.
Visit LookingGlass at RSA 2019 to Handle Your Risky Business (San Francisco, California, United States, March 4 - 8, 2019) Join LookingGlass at RSA 2019 to learn more about how we can help you manage your organization’s risky business. Get a free expo pass when you reserve a personal, in-depth demo tailored to your security needs!
XM Cyber is coming to RSA (San Francisco, California, United States, March 4 - 8, 2019) Visit XM Cyber at the Innovation City, Booth IC2233, to experience the first fully automated APT simulation platform to simulate, validate and remediate every hacker’s path to organizational critical assets.
5th Annual Cyber Security Conference for Executives (Baltimore, Maryland, United States, March 13, 2019) The 5th Annual Cyber Security Conference for Executives, hosted this year by The Johns Hopkins University Information Security Institute and Ankura, will be held on Wednesday, March 13th, in Baltimore, Maryland. This year’s theme is cybersecurity compliance and regulatory trends, and the conference will feature discussions with thought leaders across a variety of sectors. Join the discussion and learn about current and emerging cyber security threats to organizations, and how executives can better protect their enterprises. Register today!
What are cyber attacks and how do they happen? (Sydney Morning Herald) A major hack of political parties has come less than a fortnight after another hack of MPs databases in Parliament. What is a cyber attack and how does it happen?
Demystifying the Crypter Used in Emotet, Qbot, and Dridex (Zscaler) Zscaler security research team recently spotted a common crypter being used in the recent Emotet, Qbot, and Dridex campaigns. In this research, we described the properties of crypted binaries that hold true across various mutations.
A Deep Dive on the Recent Widespread DNS Hijacking Attacks (KrebsOnSecurity) The U.S. government — along with a number of leading security companies — recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. But to date, the specifics of exactly how that attack went down and who was hit have remained shrouded in secrecy.
The Aurora vulnerability is still being shunned by the electric industry - where is the education (Control Global) I had conversations with the retired engineering managers from the ONLY TWO utilities that worked with DOD on installing and monitoring of the Aurora hardware mitigation devices. When I told them about the push back from industry on Aurora, they were dumbfounded and depressed. Where is the appropriate education about Aurora and other physical-cyber threats for decision makers, grid engineers, and cyber security personnel?
Marriott now lets you check if you’re a victim of the Starwood hack (TechCrunch) Hotel chain giant Marriott will now let you check if you’re a victim of the Starwood hack. The company confirmed to TechCrunch that it has put in place “a mechanism to enable guests to look up individual passport numbers to see if they were included in the set of unencrypted passport nu…
4 Ransomware Trends to Watch in 2019 (Recorded Future) Just as ransomware teams annually adjust their attacks based on the changing security landscape, security teams need to be able to adjust their protections.
Armis HIMSS 2019 Survey (Armis) Healthcare Professionals Lack Confidence in Medical IoT Security; Majority Incapable of Stopping Cyber Attack. For healthcare organizations, cyber security continues to be a major priority, and this was evident in the sessions and discussions at HIMSS …
Splunk pulls out of Russia (Computerworld) Splunk has announced it will cease selling its platform to organisations in Russia. The decision also applies to subsidiaries whose parent companies are based in Russia and businesses that “would use the software or services within the territory”.
Niantic is hiring Security Engineers to combat hackers and data miners (Wizards Unite Hub) In an effort to combat cheaters, hackers, API crackers and data miners ahead of Wizards Unite release, Niantic is hiring Security Engineers with experience in hardening game clients and corporate networks. Two new job listings have appeared on Niantic’s Careers page: Security Engineer (Client), offered in SF, LA and Sunnyvale (California), Seattle and Zurich Security …
Symantec Improves Email Security With Fraud Protection (eWEEK) Symantec is looking to help reduce the risk of Business Email Compromise (BEC) attacks with a new offering that makes it easier to implement and manage Domain-based Message Authentication, Reporting and Conformance (DMARC) for email authenticity.
Tenable doubles cyber exposure technology integrations (Zawya) Tenable®, Inc., the Cyber Exposure company, today announced that the company more than doubled its Cyber Exposure Ecosystem throughout 2018, including 43 new or enhanced technology integrations and 20 new integration partners.
GCA Cybersecurity Toolkit for Small Business (GCA Cybersecurity Toolkit for Small Business) Discover free, effective tools that small businesses can use today to take immediate action to reduce cyber risk and strengthen defenses.
Cybersecurity: Minimum requirements for new suppliers at Siemens (Industrie Magazin) The German industrial group is gradually introducing minimum cybersecurity requirements for new suppliers. The weakest link in an industrial supply chain is decisive for overall security, it said. Telekom, Allianz and Airbus are also taking part.
What business leaders can learn from Jeff Bezos’ leaked texts (TechCrunch) The ‘below the belt selfie’ media circus surrounding Jeff Bezos has made encrypted communications top of mind among nervous executive handlers. Their assumption is that a product with serious cryptography like Wickr – where I work – or Signal could have helped Mr. Bezos and Amazon avoid this drama.
New Michigan Cybersecurity Leader Emphasizes Collaboration (Government Technology) Meet Chris DeRusha, Michigan's new chief security officer — a former White House adviser who has been working for the state for about a year. DeRusha got his start under CIO David DeVries, who has since stepped down.
Czech Technical University dumps Huawei (Prague Daily Monitor) Lupa.cz reports that the Czech Technical University (ČVUT), the country's top technical institution, has decided to end its collaboration with Chinese telecommunications giant, Huawei.
Cyber blitzkrieg replaces cyber Pearl Harbor (ZDNet) The first wartime cyber attack against electricity grids was in 1999, says one of Australia's leading cyber strategists, but 20 years later we're still not ready to face 'multi-vector' cyber attacks.
Kremlin seeks more control over internet in Russia (TheHill) Russia is taking steps to tighten its grip on the internet within its borders, as the nation’s legislature advanced legislation this week that would test temporarily disconnecting Russia from the global internet.
Czech cyber watchdog confirms warning against Huawei (Radio Praha) The National Cyber and Information Security Agency has reiterated its warning that Huawei and ZTE products should not be used in Czech critical infrastructure. The agency sent its reply to Huawei on Thursday, following the company’s request for a cancellation or modification of its statement originally issued in December last year.
China tells world to ignore Mike Pence ‘lectures’ (Washington Examiner) European leaders should disregard "lectures" from Vice President Mike Pence and other U.S. officials about Chinese encroachment into Europe, a top diplomat from the communist nation said Saturday.
Facebook targeted in scathing report by British Parliament (Silicon Valley Business Journal) A British parliamentary committee issued a scathing report accusing the social media giant of breaking data privacy and competition laws and calling for new regulations to rein in the technology industry.
Meeting the Canadian ‘voice of Islamic State’ (Times) You may recognise the voice of the thin Canadian in Hasakah. Until his capture on a battlefield in Syria last month, the 35-year-old man from Toronto was the voice of Islamic State, the mysterious...
Utilities face ongoing challenges to secure the grid (Tampa Bay Times) The North American Electric Reliability Corp., a nonprofit tasked with enforcing grid protection compliance, fined an unnamed utility $10 million — its largest ever penalty — in late January.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Insider Threat Program (ITP) Management - Insider Threat Detection & Data Analysis (Miami, Florida, USA, April 22 - 23, 2019) Insider Threat Program Management - Insider Threat Detection & Data Analysis Training
The Insider Threat Defense Group will be holding its next class "Insider Threat Program (ITP) Management - Insider Threat Detection & Data Analysis", in Miami, FL, on April 22-23, 2019. At the completion of this training, students will be well versed on how to develop, implement, manage or enhance an ITP, and have the in-depth knowledge to gather, correlate and analyze an extensive amount of raw data sources to detect and mitigate Insider Threat Risks. The course has been taught to over 540+ organizations.
Insider Threat Program Development-Management Training Course (Herndon, Virginia, USA, February 18 - 19, 2019) Insider Threat Defense announced it will hold its highly sought after 2 day Insider Threat Program Development-Management Training Course, in Herndon, VA, on February 19-208, 2019. This 2 day training...
CPX Europe 360 2019 (Vienna, Austria, February 18 - 20, 2019) CPX 360 - the industry’s premier cyber security summit and expo - brings together the world’s leading cyber security experts to one venue. Gain a deep understanding of current challenges cyber security...
Cybersecurity, Privacy & Trust: A Media Perspective (San Francisco, California, United States, February 21, 2019) As cyberattacks escalate and public awareness around data privacy and security risks increases, companies are grappling with how to comply with regulations and restore consumer trust. From rethinking how...
National Cyber League Spring Season (Various, February 25 - March 24, 2019) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...
BSides Columbus 2019 (Columbus, Ohio, USA, March 1, 2019) BSides Columbus is a volunteer-run conference that gives local (and not-so-local) information-security enthusiasts a platform to share their discoveries and breakthroughs with the Central Ohio infosec...