How can industrial organizations stay ahead of ICS adversaries and proliferating threats?
Dragos has identified that the most dangerous threat to ICS, XENOTIME (the activity group behind TRISIS), has expanded its targeting beyond oil and gas, illustrating a trend that will likely continue for other ICS-targeting adversaries. Learn more about how taking an intelligence-driven approach to ICS cybersecurity can help organizations stay ahead of the latest threats to ICS environments.
July 2, 2019.
By the CyberWire staff
BlackBerry Cylance has published an overview of recent activity by OceanLotus (also known as APT32 or CobaltKitty). They're particularly interested in Ratsnif, a set of remote access tools that Vietnam's cyberoperators have worked with and used since 2016. Ratsnif (which offers packet sniffing, gateway and device ARP poisoning, DNS poisoning, HTTP injection, and MAC spoofing) had gone undetected for some time, probably because of its selective employment. It's not up to CobaltKitty's usual high standards of coding, and indeed BlackBerry Cylance finds it "sloppy." But then you only have to be good enough to attain your objectives, and achieve them Ratsnif generally did.
Google has removed more than a hundred apps from the Play Store after Trend Micro found 182 camera and game apps infested with adware. 111 of them were in Google Play, the rest in various third-party stores, CyberScoop reports.
Extortionists claiming to have installed a Trojan via EternalBlue-infected adult sites are lying. It's a pure scam, BleepingComputer says: delete the emails.
The Washington Post surveyed experts and found that most thought the US cyberattack against Iranian targets was the right call: it was nonlethal, properly discriminating in that it hit clearly military targets, and sensibly proportionate as a response to Iranian attacks on shipping and a US surveillance drone. Reservations the experts voiced involved concerns about escalation, the semi-public way the attack was avowed, the immature state of international laws of cyber conflict, and the possibility of attack tools escaping into the wild. An Iranian response can be expected, CipherBrief notes.
Today's issue includes events affecting Brazil, Canada, China, Egypt, Estonia, Finland, Germany, Hungary, Iran, Iraq, Kenya, Malta, NATO/OTAN, Netherlands, Pakistan, Russia, Singapore, Sweden, Syria, United Kingdom, United States, and Vietnam.
Bring your own context.
Using open source code is attractive, but it presents challenges, too: software supply chain security, patching, licensing, and so on. Where did the code come from, who owns it, and what rights are associated with it?
"And so, one of the big things that I personally advocate for is that development teams make friends with their lawyers. Take them out to lunch, hang out with them a little bit. It seems so goofy, but at some point in time, that legal team is going to need to be there for you. They should at least know that you're on 'the good guys' side' and you're not trying to do anything and bend any rules. You just are legitimately trying to do the right thing for the company. And when you have that relationship, it's a whole lot easier to go and have a conversation and say, look, I did this, how do we get ourselves unstuck?"
—Tim Mackey, principal security strategist with the Synopsys Cyber Research Center, on the CyberWire's Research Saturday, 6.29.19.
Have you hugged your corporate counsel lately? How about your outside counsel? (Metaphorically hugged, of course.) Security teamwork at some point needs a legal player.
And a reminder to our readers: the CyberWire won't publish on July 4th, 5th, or 6th, as we observe the Amexit of 1776. Enjoy the Fourth.
Are you centralizing all security-related data from across the business?
Is there a challenge with your security data you haven’t been able to wrangle? Devo enabled one of their customers, a top five US retail manufacturer, to move fast enough to outpace malicious bots by reducing query time from 5 hours to 5 minutes. That was something they couldn’t do with anyone else.
Cyber Security Summits: DC on July 16 and in Chicago on August 27 (Washington, DC, United States, July 16, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Senior-level executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, The U.S. DOJ, Verizon, Center for Internet Security, IBM and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today.
RSA Conference 2019 Asia Pacific & Japan (Singapore, Republic of Singapore, July 16 - 18, 2019) Join industry leaders and peers at the region’s leading cybersecurity event. Learn the latest issues and solutions, stay on top of new regulations, demo cutting-edge products, expand your skills and grow your personal network. Register now.
Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 6, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.
Cyber Attacks, Threats, and Vulnerabilities
Vietnamese hacking group has a ‘Swiss Army knife’ of tools at its disposal (CyberScoop) A set of remote access tools used by Vietnam’s top hacking group remained largely undetected for years despite their reliance on sloppy code and other hacking techniques that fall short of the group’s normally high standard, according to research published Monday by BlackBerry Cylance.
Threat Spotlight: Ratsnif - New Network Vermin from OceanLotus (Threat Vector) The OceanLotus Group (aka APT32, CobaltKitty) is using a suite of remote access trojans dubbed 'Ratsnif' to leverage new network attack capabilities. In this blog, BlackBerry Cylance threat researchers have analyzed the Ratsnif trojans, which offer a veritable Swiss-army knife of network attack techniques.
Vulnerability Summary for the Week of June 24, 2019 (CISA) The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Extortion Scam Claims EternalBlue Was Used to Install a Backdoor (BleepingComputer) An extortion scam is being distributed that claims a Remote Access Trojan, or RAT, was installed on your computer using the EternalBlue exploit. The scammers then go on to say that they used the RAT to take videos of you on adult web sites and that you must pay a ransom or they will send it to all of your contacts.
Facebook, YouTube Overrun With Bogus Cancer-Treatment Claims (Wall Street Journal) Facebook and YouTube are being flooded with scientifically dubious and potentially harmful information about alternative cancer treatments, which sometimes gets viewed millions of times, a Wall Street Journal examination found.
Security Patches, Mitigations, and Software Updates
Analysis | How Huawei Became a Target for Governments (Washington Post) Huawei Technologies Co., one of China’s most global companies, is increasingly in the crosshairs of the U.S. government and its Western allies, just as it’s pushing for a leadership role in the new wireless standard known as 5G. The telecommunications giant is facing multiple battles, including the arrest in Canada of its chief financial officer, criminal charges in the U.S. and the prospect of being banned from buying American-made components and shut out of infrastructure projects around the w
ID Incognito Launches - A Web App For Online Privacy (Yahoo) ID Incognito is a new web app dedicated to protecting your personal information online. The app was made in response to the growing need to provide personal information in order to use services online, specifically phone numbers and email addresses.
How Europe's smallest nations are battling Russia's cyberattacks (Yahoo News) Earlier this year, the country of Berylia came under a coordinated cyberattack. For two days, hackers targeted the island nation’s power grid and public-safety infrastructure, while cyber experts from across Europe worked to counter the attacks. Of course, the island nation of Berylia is imaginary,
Stealth Attacks Require Stealth Responses (SIGNAL Magazine) Global, asymmetrical threats now dominate attacks on nations and businesses alike, and the enemy is not always immediately knowable, identifiable or even seen.
AI Powers ‘Self-Healing’ Technology (Wall Street Journal) Companies are tapping artificial intelligence to automate the care of their operations and information-technology infrastructure, finding that AI can identify and fix problems more quickly than humans.
President: We need to boost cybersecurity capabilities (ERR) President Kersti Kaljulaid held a meeting with the National Defence Council on Monday, to discuss the future of the e-state. One significant conclusion arose, namely that the state needs to actively seek opportunities to increase cyber security and cryptography capabilities.
How to Win Friends and Wage Jihad (Foreign Affairs) With its wealth of experience and web of historical relationships with regional powers, al Qaeda looks poised to capitalize on the chaos engulfing the Middle East.
Industry Influence on an FCC Advisory Panel (Project On Government Oversight) The Federal Communications Commission is supposed to help keep our communication networks secure. But its reliance on an industry-dominated group for cybersecurity advice undermines that mission.
Square Faces Lawsuit Over Misfired Medical Receipt (Wall Street Journal) A California man accused Square of violating privacy laws after the payments company mistakenly forwarded a digital receipt containing details of his medical history to one of his friends.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
RuhrSec 2020 (Bochum, Nordrhein-Westfalen, Germany, May 5 - 8, 2020) Since 2016, RuhrSec has been the annual English-speaking non-profit IT security conference with cutting-edge security talks by renowned experts. RuhrSec provides academic and industry talks, the typical University...
INTERPOL World 2019 (Singapore, July 2 - 4, 2019) INTERPOL World is a global co-creation opportunity which engages the public and private sectors in dialogue, and fosters collaboration to counter future security and policing challenges. INTERPOL World...
Minneapolis Cybersecurity Conference (Minneapolis, Minnesota, USA, July 11, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Insider Threat Program Development - Management Training Course (Mountain View, California, USA, July 15 - 16, 2019) The Insider Threat Defense Group will hold its highly sought-after Insider Threat Program (ITP) Development - Management Training Course in Mountain View, California, on July 15-16, 2019. This comprehensive...
Raleigh Cybersecurity Conference (Raleigh, North Carolina, USA, July 18, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Cybertech Midwest 2019 (Indianapolis, Indiana, USA, July 24 - 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...