February 20, 2019.
By the CyberWire staff
Microsoft this morning said it had discovered another Russian cyber operation targeting think tanks critical of Moscow. The institutions Redmond says were hit include the German Council on Foreign Relations, European branches of the Aspen Institute, and the German Marshall Fund, so there's a clear Atlanticist flavor to the target list. The method of attack was spearphishing; the spearphisher is said to have been Fancy Bear, that is, Russia's GRU military intelligence service.
Fancy Bear's goal appears to be influencing European elections, both upcoming national elections and the EU elections scheduled for May. Microsoft notes that its findings would seem to confirm alarms raised in many European governments. Ukraine has been particularly explicit in its concerns. That country's National Security and Defense Council announced yesterday that it will undertake joint cyber defense exercises with EU partners in the near future. The announcement was accompanied by charges that Russian hacking and influence operations have risen unabated as Ukraine's March 31st presidential election approaches.
Moscow may sometimes be a victim, too: Check Point says it's detected signs that North Korea's Lazarus Group is turning its attentions to Russia.
A decryptor is now available for GandCrab ransomware's version 5.1, BleepingComputer reports. The fix, by Bitdefender, Romanian Police, Europol, and other law enforcement partners, is also effective against some earlier versions. There are, however, already signs that GandCrab version 5.2 is beginning to circulate in the wild.
An exchange of letters between Citizen Lab and Novalpina outlines the suspicions that persist around NSO Group.
Today's edition of the CyberWire reports events affecting Australia, Brazil, Canada, China, the European Union, Israel, the Democratic People's Republic of Korea, Russia, Ukraine, the United Kingdom, and the United States.
ON THE PODCAST
In today's podcast, out later this snowy, snowy afternoon, we speak with Mike Benjamin from our partners at CenturyLink. He offers an update on the Necurs botnet. Our guest is Tommy McDowell from the R-CISC (the retail ISAC) on the importance of sharing threat data.
Experience Deep Learning for Network Threat Protection at RSA 2019 (San Francisco, California, United States, March 4 - 8, 2019) Signatures and sandboxes can’t keep up with automated attacks. Visit Blue Hexagon booth N4204 and hear how we’re harnessing deep learning to stop known and unknown network threats in less than a second. Pick up a free copy of the book “How To Measure Anything in Cybersecurity Risk.”
Register for the RSA Conference 2019 today! (San Francisco, California, United States, March 4 - 8, 2019) Be part of an empowered global community at RSA Conference 2019, March 4 – 8 in San Francisco. With the latest cybersecurity solutions, countless experts and more, it’s easy to see why RSAC is infosec’s leading event.
Visit LookingGlass at RSA 2019 to Handle Your Risky Business (San Francisco, California, United States, March 4 - 8, 2019) Join LookingGlass at RSA 2019 to learn more about how we can help you manage your organization’s risky business. Get a free expo pass when you reserve a personal, in-depth demo tailored to your security needs!
XM Cyber is coming to RSA (San Francisco, California, United States, March 4 - 8, 2019) Visit XM Cyber at the Innovation City, Booth IC2233, to experience the first fully automated APT simulation platform to simulate, validate and remediate every hacker’s path to organizational critical assets.
5th Annual Cyber Security Conference for Executives (Baltimore, Maryland, United States, March 13, 2019) The 5th Annual Cyber Security Conference for Executives, hosted this year by The Johns Hopkins University Information Security Institute and Ankura, will be held on Wednesday, March 13th, in Baltimore, Maryland. This year’s theme is cybersecurity compliance and regulatory trends, and the conference will feature discussions with thought leaders across a variety of sectors. Join the discussion and learn about current and emerging cyber security threats to organizations, and how executives can better protect their enterprises. Register today!
Cyber Attacks, Threats, and Vulnerabilities
North Korea Turns Against New Targets?! (Check Point Research) Over the past few weeks, we have been monitoring suspicious activity directed against Russian-based companies that exposed a predator-prey relationship that we had not seen before. For the first time we were observing what seemed to be a coordinated North Korean attack against Russian entities. While attributing attacks to a certain threat group or...
Ryuk: What does the helpdesk tell us? (Help Net Security) In the case of Ryuk we are dealing with a ‘targeted’ form of ransomware aimed at organizations as opposed to the simple ‘fire and forget’ approach.
Phishing vs spear phishing vs whaling attacks (Security Boulevard) Learn more about the differences between phishing, spear phishing and whaling attacks, and find out how you can keep your business safe.
Security Patches, Mitigations, and Software Updates
AI Is Not Just Getting Better; It’s Becoming More Pervasive (Harvard Business Review) Advances in artificial intelligence (AI) software and hardware are giving rise to a multitude of smart devices that can recognize and react to sights, sounds, and other patterns—and do not require a persistent connection to the cloud. These smart devices, from robots to cameras to medical devices, could well unlock greater efficiency and effectiveness at organizations that adopt them.
Palo Alto Networks to acquire Demisto for $560M (TechCrunch) Palo Alto Networks announced today that it intends to acquire security startup Demisto for $560 million. The company sees a tool that can help enhance the Palo Alto security portfolio by adding a higher level of automation. “The addition of Demisto’s orchestration and automation technol…
IBM to launch research center on Artificial Intelligence in Sao Paulo (MercoPress) IBM is set to launch a research center in the Brazilian city of São Paulo focused on development of solutions around artificial intelligence. The AI center will be the first Latin American institution of IBM's AI Horizons Network. It will be jointly run by the company and the São Paulo Research Foundation (FAPESP) to pursue “a disruptive research program”, with the potential to “promote paradigm shifts in AI.”
Hexagon adds CACI vet Rich (Washington Technology) Hexagon hires former CACI International programs lead Emma Rich as a senior vice president in the federal business.
Splunk Welcomes Carrie Palin as Chief Marketing Officer (Odessa American) Splunk Inc. (NASDAQ: SPLK), delivering actions and outcomes from the world of data, today announced it has appointed Carrie Palin as senior vice president, chief marketing officer (CMO). Palin joins from SendGrid where she served as CMO through the company’s acquisition by Twilio. At Splunk, she will oversee global marketing strategy reporting directly to Susan St. Ledger, president, worldwide field operations.
Who Puts the Ethics in AI? (Security Boulevard) Davos 2019, the annual meeting of the World Economic Forum, took place in January in its namesake city of Switzerland. Unsurprisingly, AI emerged as one of the leading topics of discussion (with 40 sessions dedicated to it, second only to US-China trade). Most of the conversation, however, centered on articulating abstract principles about the importance of ethics in AI, or, at best, calls for collaboration and research in this area.
What Is Agreed Competition in Cyberspace? (Lawfare) The concept of agreed competition allows for robust academic and policy analysis that, hopefully, will allow competition in cyberspace to evolve into a stable arena of global politics.
Synopsys Says Software Security Co. Abused Its License (Law360) Synopsys Inc., which makes software for testing and designing computer chips, accused Fortinet Inc., a security software company, in California federal court of routinely skirting its software access licensing agreement to gain unauthorized access to Synopsys services.
Open letter to Novalpina Capital, CC: NSO Group, Francisco Partners (Amnesty) We, the undersigned organizations, release this open letter to Novalpina Capital regarding the recent announcement of the buyout of NSO Group from Francisco Partners. We call on Novalpina to publicly address our serious concerns regarding accountability for NSO Group’s involvement in previously documented spyware abuses, Novalpina’s current approach to addressing human rights impacts associated with NSO Group’s products and services, and the future trajectory of the company.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Insider Threat Program (ITP) Management - Insider Threat Detection & Data Analysis (Miami, Florida, USA, April 22 - 23, 2019) Insider Threat Program Management - Insider Threat Detection & Data Analysis Training
The Insider Threat Defense Group will be holding its next class "Insider Threat Program (ITP) Management - Insider Threat Detection & Data Analysis", in Miami, FL, on April 22-23, 2019. At the completion of this training, students will be well versed on how to develop, implement, manage or enhance an ITP, and have the in-depth knowledge to gather, correlate and analyze an extensive amount of raw data sources to detect and mitigate Insider Threat Risks. The course has been taught to over 540+ organizations.
Norwich University CGCS 2019 Cyber Security Summit (Northfield, Vermont, USA, June 18 - 19, 2019) Mid- and executive-level managers seeking to broaden their organizations’ approaches to prudent cyber security practices will gain insight through a series of workshops and discussions on relevant issues...
CPX Europe 360 2019 (Vienna, Austria, February 18 - 20, 2019) CPX 360 - the industry’s premier cyber security summit and expo - brings together the world’s leading cyber security experts to one venue. Gain a deep understanding of current challenges cyber security...
Cybersecurity, Privacy & Trust: A Media Perspective (San Francisco, California, United States, February 21, 2019) As cyberattacks escalate and public awareness around data privacy and security risks increases, companies are grappling with how to comply with regulations and restore consumer trust. From rethinking how...
National Cyber League Spring Season (Various, February 25 - March 24, 2019) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...
BSides Columbus 2019 (Columbus, Ohio, USA, March 1, 2019) BSides Columbus is a volunteer-run conference that gives local (and not-so-local) information-security enthusiasts a platform to share their discoveries and breakthroughs with the Central Ohio infosec...