How can industrial organizations stay ahead of ICS adversaries and proliferating threats?
Dragos identified that the most dangerous threat to ICS, XENOTIME (the activity group behind TRISIS), has expanded its targeting beyond oil and gas, illustrating a trend that will likely continue for other ICS-targeting adversaries. Learn more about how taking an intelligence-driven approach to ICS cybersecurity can help organizations stay ahead of the latest threats to ICS environments.
July 1, 2019.
By the CyberWire staff
President Trump has agreed to permit Huawei to buy some US products ("boring kit," as CRN puts it). Reuters reports that the White House says there's no diminution of concern about Huawei as a security risk. Forbes says Huawei applauds what the company calls a u-turn.
In an interview with Ars Technica, US CISA Director Krebs repeats warnings of expected Iranian cyberattacks against US targets.
Iran has taken down two big cryptocurrency mining farms run from disused factories. Authorities say the activity was sufficiently power hungry to have rendered portions of the grid "unstable," with consumers of electricity noticing problems, according to Radio Free Europe/Radio Liberty.
Not a cyberattack, but an incident worth considering in the light of concerns about the power grid, is a recent power-failure-induced disruption of manufacturing. A thirteen-minute outage at Toshiba Memory disrupted flash memory production, a disclosure from Western Digital said last week. The accident destroyed some six exabytes of product. Production is expected to return to normal in the middle of July. Significant "fluctuations" in flash prices are expected to follow, CRN notes.
The ransomware attack at aviation components manufacturer Asco remains only partially fixed. Things are improving, AIN says, but Asco doesn't yet have a projected time for full recovery.
Australia is leading a voluntary international agreement in which governments would swiftly take down "abhorrent" content posted online, CRN reports.
Axios writes that strong interest in Facebook's projected Libra cryptocurrency has already led to a scramble by scammers to register Libra-sounding domains.
Today's issue includes events affecting Australia, Canada, Estonia, European Union, Finland, India, Iran, Israel, Republic of Korea, NATO/OTAN, Russia, United States.
Bring your own context.
To protect an enterprise against ransomware, it's important to back up files. But there's a craft to doing so effectively.
"And a lot of times people will put those backups on network-attached storage devices, on FTP servers, things like that. You know, what happens then if those files are then encrypted? What happens when your backups become encrypted? What do you do then? I think in that case it's obviously a good idea to have a ransomware playbook. Backing up your data is not going to be the only thing that you should do."
—Harrison Van Riper from Digital Shadows, on the CyberWire Daily Podcast, 6.27.19.
Not all backups are equal. And do have a plan (a good plan).
And a note to our readers: the CyberWire won't publish on July 4th, 5th, or 6th, as we observe the Independence Day weekend. Enjoy the holiday.
Are you centralizing all security-related data from across the business?
Is there a challenge with your security data you haven’t been able to wrangle? Devo enabled one of their customers – a top five US retail manufacturer – to move fast enough to outpace malicious bots by reducing query time from 5 hours to 5 minutes. That was something they couldn’t do with anyone else.
In today's podcast, out later this afternoon, we speak with our partners at Accenture, as Justin Harvey describes ways attackers are bypassing two-factor authentication on mobile devices. Our guest is Gretel Egan from Proofpoint, and she discusses the shift toward human-centric security.
Cyber Security Summits: DC on July 16 and in Chicago on August 27 (Washington, DC, United States, July 16, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, The U.S. DOJ, Verizon, Center for Internet Security, IBM and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today.
RSA Conference 2019 Asia Pacific & Japan (Singapore, Republic of Singapore, July 16 - 18, 2019) Join industry leaders and peers at the region’s leading cybersecurity event. Learn the latest issues and solutions, stay on top of new regulations, demo cutting-edge products, expand your skills and grow your personal network. Register now.
Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 6, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.
Alleged Cyber Attack on Russia's Yandex Used Malware Tied to Western Intelligence (Gizmodo) Hackers believed to be working for Western intelligence agencies “broke into Russian internet search company Yandex from October to November 2018,” deploying a malware variant called Regin that is “known to be used by the ‘Five Eyes’ intelligence-sharing alliance of the United States, Britain, Australia, New Zealand and Canada,” Reuters reported on Friday, citing four people with knowledge of the incident.
An Analysis of Godlua Backdoor (360 Netlab Blog) On April 24, 2019, our Unknown Threat Detection System highlighted a suspicious ELF file which was marked by a few vendors as mining related trojan on VT. We cannot confirm it has mining related module, but we do see it starts to perform DDoS function recently.
The Curious Case of Silexbot (Decipher) The Silexbot malware is compromising IoT devices and destroying their file systems and rebooting them, in an apparent attempt to stop botnet controllers from owning them.
Bot Fraud Grows Across All Mobile Businesses And Now Threatens Apps (Forbes) A massive battle is looming on mobile and apps as bots become more sophisticated and harder to detect. Adjust, a mobile measurement and anti-fraud company, is taking a different approach, focusing on the data that bots can’t fake, such as the pressure on the screen and the motion of the device.
Okta: If You Have To Ask, You Can't Afford It (Seeking Alpha) Okta is a leader in identity management solutions with 53% YoY revenue growth. As with most high-growth companies, valuation is lofty, but in the case of Okta, valuation is extreme.
Trump Allows U.S. Sales to Huawei as Trade Talks Resume (Wall Street Journal) President Trump and his Chinese counterpart agreed to a cease-fire in their trade battle, as Mr. Trump said he would allow American firms to sell high-tech equipment to Huawei and China would start buying U.S. farm products.
Trump 'not backing off' Huawei as security threat: Kudlow (Reuters) National Economic Council chairman Larry Kudlow says President Trump's decision to allow new sales to China's Huawei does not mean he's 'backing off' the telecommunications giant as a national security threat. Rough Cut (no...
Trump Leaves Huawei’s South Korean Suppliers Hanging (Wall Street Journal) In a speech to South Korea’s largest conglomerates after he eased the toughest U.S. measures against Huawei, President Trump provided no direction on how they should proceed with the Chinese tech giant.
Election Administration and Voting Survey (US Election Assistance Commission) Since 2004, the Election Assistance Commission (EAC) has conducted the Election Administration and Voting Survey (EAVS) following each federal general election.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
RuhrSec 2020 (Bochum, Nordrhein-Westfalen, Germany, May 5 - 8, 2020) Since 2016, RuhrSec is the annual English speaking non-profit IT security conference with cutting-edge security talks by renowned experts. RuhrSec provides academic and industry talks, the typical University...
INTERPOL World 2019 (Singapore, July 2 - 4, 2019) INTERPOL World is a global co-creation opportunity which engages the public and private sectors in dialogue, and fosters collaboration to counter future security and policing challenges. INTERPOL World...
Minneapolis Cybersecurity Conference (Minneapolis, Minnesota, USA, July 11, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Insider Threat Program Development - Management Training Course (Mountain View, California, USA, July 15 - 16, 2019) The Insider Threat Defense Group will hold our highly sought after Insider Threat Program (ITP) Development - Management Training Course, in Mountain View, California, on July 15-16, 2019. This comprehensive...
Raleigh Cybersecurity Conference (Raleigh, North Carolina, USA, July 18, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Cybertech Midwest 2019 (Indianapolis, Indiana, USA, July 24 - 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...