What are the best practices and tools for SecOps in 2019?
Read the 2019 SANS Security Operations Survey report for key insights & strategies from principal SANS Instructor Christopher Crowley & SANS Director of Emerging Technologies John Pescatore. Download your copy now.
July 22, 2019.
By the CyberWire staff
The BBC's Russian-language service reported late Friday that Sitek, a Moscow-based IT firm, had been successfully hacked. The company's website was defaced with a leering Yoba face, and the attackers claimed to have stolen some seven-and-a-half terabytes of data. Sitek is generally thought to be an FSB contractor. Among the information the attackers obtained and shared with hacktivist group Digital Revolution were screenshots of the target company's internal interface. The Sitek projects exposed included social media monitoring solutions and Tor deanonymization tools.
CBS News and others report that Microsoft has observed a "spike" in Iranian cyberattacks since nuclear non-proliferation agreements collapsed. FireEye warned last week that APT34, also known as Helix Kitten, is undertaking a large catphishing campaign via LinkedIn. Its apparent goal is espionage directed against the financial and energy sectors. Government agencies are also targeted.
The Financial Times reports that the controversial lawful intercept shop NSO Group is offering a new version of its Pegasus spyware that can access private messages held in major cloud services, including those provided by Apple, Amazon, Google, and Facebook. BGR says Pegasus costs "millions of dollars," effectively pricing it out of the range of any but government customers.
Former NSA contractor Hal Martin was sentenced to nine years imprisonment on Friday for theft of classified information. As ZDNet observes, the government did not establish that Martin was the source of the ShadowBrokers' leaks.
The Federal Trade Commission says Equifax will pay $575 million in its settlement over the credit bureau's 2017 breach.
Today's issue includes events affecting Bulgaria, China, European Union, India, Iran, Israel, Russia, Taiwan, United Kingdom, United States.
Bring your own context.
Vulnerability scanning is an important hygiene measure, but it must be done with a degree of circumspection: a credentialed scan carries the scanner's own privileged credentials to every host it touches, and that exposure has to be managed.
"Now, a very simple vulnerability scan would basically just scan your network, check what services are exposed and report on that. But that's usually not all that useful. So what you do is you actually provide your vulnerability scanning system with credentials. It can log into a system and then find out more detail of what the system may be vulnerable to. The tricky part here is that, in order to do this, the credentials being used by the vulnerability scanning systems often have some elevated privileges, and an attacker can actually take advantage of these credentials and use them, then, to attack your system if they're able to intercept a connection that is established by the vulnerability scanning system."
—Johannes Ullrich of the SANS Institute on the CyberWire Daily Podcast, 7.19.19.
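The interception Ullrich describes is easiest when the scanner will authenticate to whatever answers at a target address. For SSH-based credentialed scans the standard control is host-key pinning: the scanner's service account should have a known_hosts entry for every target and should never auto-accept new keys. The following is an added example (not code from the CyberWire, SANS, or any scanner vendor) that parses an OpenSSH known_hosts file, including hashed and @-marked entries, and reports which scan targets have no pinned key. The host names, IP addresses, and key blobs are constructed sample data, and the hashed entry is generated the way ssh-keygen -H does it (HMAC-SHA1 over the hostname with a 20-byte salt).

```python
"""Check which credentialed-scan targets lack a pinned SSH host key.

A scanner that logs in with privileged credentials must verify the host it
connects to, or a rogue host / on-path attacker can collect those credentials.
This parses an OpenSSH known_hosts file (plain, hashed and @-marked entries)
and reports targets with no pinned key. Added example; not vendor scanner code.
"""
import base64
import hashlib
import hmac
import os


def hashed_entry(hostname, salt=None):
    """Build the '|1|salt|hash|' host field that 'ssh-keygen -H' writes."""
    if salt is None:
        salt = os.urandom(20)  # OpenSSH uses a 20-byte random salt
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s|" % (base64.b64encode(salt).decode(),
                          base64.b64encode(digest).decode())


def hashed_entry_matches(field, hostname):
    """True if a '|1|salt|hash|' field was produced for this hostname."""
    parts = field.split("|")  # ['', '1', salt, hash, '']
    if len(parts) != 5 or parts[1] != "1":
        return False
    try:
        salt = base64.b64decode(parts[2])
        digest = base64.b64decode(parts[3])
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    expected = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(expected, digest)


def known_hosts_name(target):
    """Map 'host' or 'host:port' to the name OpenSSH stores (IPv4/DNS only)."""
    host, sep, port = target.rpartition(":")
    if sep and host and port.isdigit():
        return host if port == "22" else "[%s]:%s" % (host, port)
    return target


def _parse_line(line):
    """Return (marker, hostfield, keytype) or None for comments/blank lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    marker = None
    if line.startswith("@"):  # @cert-authority or @revoked
        marker, _, line = line.partition(" ")
    fields = line.split(None, 2)
    if len(fields) < 3:
        return None
    return marker, fields[0], fields[1]


def _hostfield_matches(hostfield, name):
    if hostfield.startswith("|1|"):
        return hashed_entry_matches(hostfield, name)
    # Plain entries are comma-separated exact names; wildcard patterns
    # such as *.example.internal are not expanded here.
    return name in hostfield.split(",")


def pinned_key_types(known_hosts_text, targets):
    """Map each target to the list of key types pinned for it."""
    result = {t: [] for t in targets}
    for line in known_hosts_text.splitlines():
        parsed = _parse_line(line)
        if parsed is None:
            continue
        marker, hostfield, keytype = parsed
        if marker == "@revoked":
            continue  # a revoked key pins nothing
        for t in targets:
            if _hostfield_matches(hostfield, known_hosts_name(t)):
                result[t].append(keytype)
    return result


def unpinned_targets(known_hosts_text, targets):
    """Targets the scanner would reach without a pinned host key."""
    return [t for t, keys in pinned_key_types(known_hosts_text, targets).items()
            if not keys]


# Constructed sample data (dummy key blobs, not real keys).
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# scanner service account known_hosts (constructed sample)",
    "db1.example.internal,10.0.5.7 ssh-ed25519 AAAAdummykey1 scanner-pin",
    "[web1.example.internal]:2222 ssh-rsa AAAAdummykey2",
    "@revoked old-host.example.internal ssh-rsa AAAAdummykey3",
    hashed_entry("hashed.example.internal", b"\x01" * 20)
    + " ssh-ed25519 AAAAdummykey4",
])
SAMPLE_TARGETS = ["db1.example.internal", "10.0.5.7",
                  "web1.example.internal:2222", "hashed.example.internal",
                  "old-host.example.internal", "new-host.example.internal"]

if __name__ == "__main__":
    for t in unpinned_targets(SAMPLE_KNOWN_HOSTS, SAMPLE_TARGETS):
        print("no pinned host key for", t)
```

Run against the scanner account's real known_hosts and the scan's target list before the scan is scheduled; anything the check reports should be pinned out of band (or removed from the credentialed scope) rather than accepted on first contact. The same principle applies to Windows targets, where the equivalent is refusing NTLM fallback and requiring signed/encrypted transports, but that is outside what this snippet checks.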
With LookingGlass, it’s Game Over For Threat Actors
There are many weapons to choose from when it comes to cybersecurity solutions providers – and you must choose wisely. With LookingGlass Cyber Solutions as your security provider, it’s “Game Over” for threat actors trying to infiltrate your network. To learn more about our solutions, visit our experts at the LookingGlass Network & Chill Lounge, Mandalay Bay South, Palm A on level 3, August 7 & 8. Take a break from the hectic show floor for old school video games, happy hour from 3-7 PM, and a demo tailored to your organization’s security needs.
XM Cyber is coming to Black Hat (Las Vegas, Nevada, United States, August 3 - 8, 2019) Visit XM Cyber at our booth 875 to experience the first fully automated APT simulation platform to simulate, validate and remediate hackers’ paths to organizational critical assets.
Codenomicon August 6 Skyfall Lounge Las Vegas (Las Vegas, Nevada, United States, August 6, 2019) Black Hat is just around the corner! Join Synopsys at our exclusive cyber security professional event—codenomi-con. We’ll kick off a night of entertainment, networking, and leadership Aug. 6 at 6 p.m. Register today!
Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 8, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.
Russian FSB Intel Agency Contractor Hacked, Secret Projects Exposed (BleepingComputer) A contractor for the Russian Federal Security Service (FSB) has been hacked and secret projects that were being developed for the intelligence agency were leaked to Russian media. These projects detail Russia's attempts to de-anonymize users on the Tor network, collect data from social networks, and isolate the Russian internet.
The top brass is not in your DMs (Fifth Domain) Governments across the world, including the U.S. Department of Defense, are becoming increasingly concerned about fake social media accounts for leaders as senior as the Joint Chiefs of Staff.
Microsoft Confirms Windows 'Great Duke Of Hell' Malware Attack (Forbes) Astaroth is, as demonologists will tell you, the Great Duke of Hell and part of the evil trinity. Microsoft, however, is warning that Astaroth malware is attacking Windows users with a fileless "invisible man" methodology. Here's what you need to know.
Old Tools for New Money: URL Spreading Shellbot and XMRig Using 17-year-old XHide (TrendLabs Security Intelligence Blog) We found a threat that scans for open ports and brute forces systems with weak credentials to drop a Monero cryptocurrency miner. While the installation and mining process is hidden by the old evasion tool XHide Process Faker, the malware can be used for bigger attacks in the future, as both the shellbot and the miner can be monetized.
NSO spyware ‘targets Big Tech cloud services’ (KnowBe4) The Israeli company whose spyware hacked WhatsApp has told buyers its technology can surreptitiously scrape all of an individual’s data from the servers of Apple, Google, Facebook, Amazon and Microsoft, according to people familiar with its sales pitch.
Beware of fake FaceApp before installing on your phone (Deccan Herald) While controversy is raging over FaceApp's privacy concerns, a report has come to light that a malware-riddled fake application with the same moniker has made its way to mobile app stores. Security researchers at Kaspersky have uncovered a fake FaceApp, which fools unsuspecting people into downloading it and infects victims’ devices with an adware module called MobiDash.
Results from NREL’s Assessing the Impact of Cybersecurity on the Nation’s Wind Farms Workshop (Control Global) There were approximately 50 participants from wind turbine and control system suppliers, utilities, national laboratories, regulators, wind farm standards organizations, and a credit rating agency at the NREL “Assessing the Impact of Cybersecurity on the Nation’s Wind Farms” workshop. The lack of public awareness of wind farm cyber incidents has negatively affected the industry’s focus on addressing cyber security.
Survey: Cybersecurity risks threaten deals (Crain's Cleveland Business) From Bloomberg: Of more than 2,700 information technology and business decision makers surveyed by Forescout Technologies Inc. in seven countries, 53% reported that their organization had encountered a critical cybersecurity issue or incident that put an M&A deal in jeopardy. And 65% of respondents said they had experienced buyers’ remorse because of cybersecurity concerns after closing a deal.
Windows Defender Gets a New Name: Microsoft Defender (BleepingComputer) Windows Defender is being rebranded to Microsoft Defender to indicate that it is now part of a cross-platform family of products. This includes enterprise products, which offer solutions for multiple OS platforms.
Huawei’s new OS is for industrial use, not Android replacement (TechCrunch) Seems Hongmeng isn’t the Android replacement it’s been pitched as, after all. The initial story certainly tracked, as Huawei has been preparing for the very real possibility of life after Google, but the Chinese hardware giant says the operating system is primarily focused on industrial use. The la…
MSU staff, students among competitors in cybersecurity challenge co-sponsored by NSPARC (Mississippi State University) Battling in teams, earning points and gaining bragging rights while sparking interest in cybersecurity will be the essence of the upcoming Capture the Flag hacking competition. Co-sponsored by Mississippi State University’s National Strategic Planning and Analysis Research Center and ServiceMaster, this CTF event will be held July 27 from 9 a.m. to 6 p.m.
Cyberthreats Keep DIA Director Up at Night (U.S. DEPARTMENT OF DEFENSE) Lt. Gen. Robert P. Ashley Jr., director of the Defense Intelligence Agency, talked about the emerging threats at the Aspen Security Forum in Aspen, Colorado.
Huawei 5G indecision is hitting UK’s relations abroad, warns committee (TechCrunch) The U.K.’s next prime minister must prioritize a decision on whether or not to allow Chinese tech giant Huawei to be a 5G supplier, a parliamentary committee has urged — warning that the country’s international relations are being “seriously damaged” by ongoing delay. …
Elections experts say cybersecurity threats demand federal funding (TribLIVE.com) Unfunded cybersecurity needs are leaving state and local election officials to stand on the front lines of threats from sophisticated international interests, a new report asserts. “Defending Elections,” a report from the Brennan Center for Justice, highlights growing concerns that myriad unmet security needs pose a threat to fair elections.
An entire nation just got hacked (CNN) Asen Genov is pretty furious. His personal data was made public this week after records of more than 5 million Bulgarians were stolen by hackers from the country's tax revenue office.
NSA Office of the Inspector General Releases Semi-Annual Report to Congress (IC ON THE RECORD) The National Security Agency/Central Security Service Office of the Inspector General has released an unclassified version of its latest Semi-Annual Report to Congress on its public website, OIG.NSA.GOV. This report details NSA OIG’s activities from October 1, 2018 through March 31, 2019.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
2019 FAIR Conference (National Harbor, Maryland, USA, September 24 - 25, 2019) Hosted by the FAIR Institute and our sponsoring partners, the 2019 FAIR Conference brings leaders in information and operational risk management together to explore best FAIR practices that produce greater...
Cybertech Midwest 2019 (Indianapolis, Indiana, USA, July 24 - 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
Smoky Mountain Bigfoot Conference (Gatlinburg, Tennessee, USA, July 27, 2019) Join us for the first ever Smoky Mountain Bigfoot Conference. We have some of America's most experienced Bigfoot researchers and investigators including Cliff Barackman, Bigfoot Field Researcher and co-host...
Cyber:Secured Forum 2019 (Dallas, Texas, USA, July 29 - 31, 2019) Cyber:Secured Forum delivers two days of in-depth content on cybersecurity trends and best practices related to the delivery of physical security systems and other integrated systems. Collaboratively developed...
Community College Cyber Summit (3CS) (Bossier City, Louisiana, USA, July 30 - August 1, 2019) The 2019 Community College Cyber Summit (3CS) at Bossier Parish Community College in Louisiana marks the sixth annual edition of 3CS. 3CS is the only national academic conference focused on cybersecurity...
New York City Cybersecurity Conference (New York, New York, USA, August 1, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...