What are the best practices and tools for SecOps in 2019?
Read the 2019 SANS Security Operations Survey report for key insights & strategies from principal SANS Instructor Christopher Crowley & SANS Director of Emerging Technologies John Pescatore. Download your copy now.
July 25, 2019.
By the CyberWire staff
Assessment and penetration-testing company Immunity is selling a BlueKeep exploit as part of its CANVAS penetration-testing suite, ZDNet reports. BlueKeep (CVE-2019-0708, the pre-authentication flaw in Windows Remote Desktop Services that Microsoft patched in May) is already being hunted for in the wild: Intezer finds a scanner for vulnerable Windows hosts in the latest version of the WatchBog cryptojacking botnet.
Researchers at Lookout announced the discovery of "Monokle," described as a "new and sophisticated set of custom Android surveillanceware tools." There may be an iOS version lurking somewhere, but for now the Android toolkit is in use in the wild. Lookout attributes Monokle to the Special Technology Centre, Ltd., also known as STC, Ltd. or simply STC. The company is based in St. Petersburg, Russia, and was sanctioned in 2016 by a US Executive Order for its work on behalf of the GRU against US elections. Monokle is advanced mobile malware designed to collect and exfiltrate personal data from infected devices.
Hacktivist group Intrusion Truth has linked APT17 to the Jinan bureau of the Chinese Ministry of State Security. The group also says APT17 engages in some domestic crime on the side, selling data stolen from Chinese targets.
Proofpoint describes the activities of a Chinese advanced persistent threat group it tracks internally as TA428, in a campaign it calls "Operation LagTime IT." LagTime is a cyber espionage operation that collects against East Asian targets, for the most part government agencies that oversee "government information technology, domestic affairs, foreign affairs, economic development, and political processes." The campaign delivers a remote access Trojan, Cotx RAT, as well as Poison Ivy payloads, by phishing.
Today's issue includes events affecting Argentina, Brazil, Chile, China, Dominican Republic, Ecuador, European Union, Oman, Peru, Russia, Turkey, United Kingdom, United States, and Uruguay.
Bring your own context.
There may be more to an insider threat program than we tend to think.
"What do you need to think about when you're creating an insider threat program? We've broken it into four steps. Number one - think about what team you're going to pull together. While I'm probably writing this for security practitioners, security is not the only stakeholder and maybe not even the most important stakeholder. We want to make sure we have HR. They're definitely a really important stakeholder. Legal's going to be a part of this, and depending on your company, product is a part of this, maybe sales. It really depends on who is it that's concerned about insiders and what they may do. The second step of creating the program is - what are the risks that you need to address for your company? You know some obvious ones - right? - theft of intellectual property, customer data that may get stolen. Based on what you do, you want to think about sabotage of your organizational systems. You know, are there national security concerns? If you're running a water plant, you know, maybe those are both pretty relevant. The third step that we looked at was identifying the critical controls that you need to watch - once again, you know, some things that are pretty much generally across the board you want to look at. Every company wants to look at their sales folks, their finance folks, their executive team, probably some IT system administrators."
—Robb Reck, CISO at Ping Identity, on the CyberWire Daily Podcast, 7.23.19.
It's a truism to say so, but an insider threat program is an exercise in risk management. Some of that risk might come from a poorly constructed program. Did you notice that HR and Legal both have a place on the team?
With LookingGlass, it’s Game Over For Threat Actors
There are many weapons to choose from when it comes to cybersecurity solutions providers, and you must choose wisely. With LookingGlass Cyber Solutions as your security provider, it's "Game Over" for threat actors trying to infiltrate your network. To learn more about our solutions, visit our experts at the LookingGlass Network & Chill Lounge, Mandalay Bay South, Palm A on level 3, August 7 & 8. Take a break from the hectic show floor for old-school video games, happy hour from 3-7 PM, and a demo tailored to your organization's security needs.
And Hacking Humans is up, too. In today's edition, "Looking after Dad," Joe shares a story on the market economy of phishing. Dave explains how gamers are being taken advantage of on popular chat app Discord. The catch of the day includes a little bit of showbiz razzle-dazzle. Our anonymous guest this week shares his efforts to keep his father from falling for online scams.
XM Cyber is coming to Black Hat (Las Vegas, Nevada, United States, August 3 - 8, 2019) Visit XM Cyber at our booth 875 to experience the first fully automated APT simulation platform to simulate, validate and remediate hackers' paths to organizational critical assets.
Codenomicon August 6 Skyfall Lounge Las Vegas (Las Vegas, Nevada, United States, August 6, 2019) Black Hat is just around the corner! Join Synopsys at our exclusive cyber security professional event, codenomi-con. We'll kick off a night of entertainment, networking, and leadership Aug. 6 at 6 p.m. Register today!
Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 8, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It's a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women's Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.
BlueKeep Scanner Discovered in Watchbog Cryptomining Malware (BleepingComputer) A new Watchbog malware variant can scan for Windows computers vulnerable to BlueKeep exploits; previous variants were only used to infect Linux servers compromised through Jira, Exim, Nexus Repository Manager 3, ThinkPHP, and Solr exploits.
Deep Dive into Guildma Malware (Avast) For several months now, we have been tracking malware called Guildma. Guildma is a powerful combination of a RAT (remote access tool), spyware, password stealer and banker malware, mainly distributed via malicious attachments in phishing email campaigns.
Own The Router, Own The Traffic (SecureWorks) As threat actors increasingly target supply chains, man-on-the-side techniques introduce another layer of complexity that organizations must consider.
Imperva Blocks Our Largest DDoS L7/Brute Force Attack Ever (Peaking at 292,000 RPS) (Imperva Blog) Imagine you're a developer building a new web application. You've followed all of the security best practices, hired a reputable penetration testing company before launch, and gone through extensive bug fixing to remove any vulnerabilities. However, would you be confident that your application could survive the largest and longest DDoS attack that you'd ever seen? …
Cloudy with a Chance of Entropy (Unit42) The term "cloud" has been popular in the business lexicon since 2006 when Amazon Web Services (AWS) launched its Elastic Compute Cloud (EC2). The latest Cloud Threat Report from Unit 42, which was released today, shows that organizations continue to struggle with securing public cloud platforms some 13 years
Cyber Mindset Exposed: Keeper Unveils its 2019 SMB Cyberthreat Study (Keeper Blog) Over the past month, Keeper Security surveyed 500 senior decision makers at SMBs to uncover more about their mindsets around cyberthreats (likely or not?) and common misperceptions (too new, too old, whose job is it anyways?). The findings underscore just how unprepared businesses are for cyberattacks. Here are the top …
Irdeto Global Connected Industries Cybersecurity Survey (Irdeto) The Irdeto Global Connected Industries Cybersecurity Survey polled 700 security decision makers across Connected Health, Connected Transport and Connected Manufacturing plus IT and technology* (who manufacture IoT devices) industries about cyberattacks targeting their organization, concerns about the types of attacks that could target their organization, security measures currently in place and much more.
Survey Finds Insiders Pose Serious Threat to Data Security (Nucleus Cyber) Nucleus Cyber, the intelligent data-centric security company for the modern workplace, issued new warnings about the dangers malicious and negligent insiders pose to data and enterprise systems, following the publication of the 2019 Insider Threat Report conducted with Cybersecurity Insiders.
Government breaches - can you trust the US Government with your data? (Comparitech) The US government has suffered 443 data breaches since 2014, with 2018 the worst year so far, according to a new study by Comparitech. Data breaches are often associated with the private sector, where hackers break into databases owned by businesses to steal user data and other valuable information. But the government is also a frequent target …
Banks' Inevitable Race To The Cloud (Forbes) Despite proof and evidence of the benefits, skepticism around cloud computing in banking remains. Rest assured, it won't take 100 years for popular opinion to change. Even if we are talking about bankers.
How social media has coarsened our minds (Times) Few writers are prophetic. An American media studies professor called Neil Postman was. In 1985 he published Amusing Ourselves to Death, a polemic that warned society was becoming trivialised by...
Pentagon efforts to counter China's influence in cyberspace extend to South America (Inside Cybersecurity) The Defense Department's Southern Command is working to provide cyber defense training and IT infrastructure to several South American militaries in a bid to blunt China's growing technological influence in the region, a move that comes amid action on several fronts for countering the cybersecurity threat from Beijing.
Rubio on Huawei (The Washington Times) Sen. Marco Rubio is confident that Congress will codify in law Trump administration restrictions imposed on China's telecommunications giant Huawei Technologies, a company the Florida Republican says poses a national security threat to the United States.
Facebook Penalty Sends Message to Big Tech (Wall Street Journal) The record $5 billion fine and oversight conditions regulators imposed on Facebook for privacy violations put tech companies on notice that failing to protect consumer data may lead to greater legal risks than previously.
FTC Sues Cambridge Analytica, Settles with Former CEO and App Developer (Federal Trade Commission) The Federal Trade Commission filed an administrative complaint against data analytics company Cambridge Analytica, and filed settlements for public comment with Cambridge Analytica's former chief executive and an app developer who worked with the company, alleging they employed deceptive tactics to harvest personal information from tens of millions of Facebook users for voter profiling and targeting.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Cybertech Midwest 2019 (Indianapolis, Indiana, USA, July 24 - 25, 2019) Cybertech is the cyber industry's foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
Smoky Mountain Bigfoot Conference (Gatlinburg, Tennessee, USA, July 27, 2019) Join us for the first ever Smoky Mountain Bigfoot Conference. We have some of America's most experienced Bigfoot researchers and investigators including Cliff Barackman, Bigfoot Field Researcher and co-host...
Cyber:Secured Forum 2019 (Dallas, Texas, USA, July 29 - 31, 2019) Cyber:Secured Forum delivers two days of in-depth content on cybersecurity trends and best practices related to the delivery of physical security systems and other integrated systems. Collaboratively developed...
Community College Cyber Summit (3CS) (Bossier City, Louisiana, USA, July 30 - August 1, 2019) The 2019 Community College Cyber Summit (3CS) at Bossier Parish Community College in Louisiana marks the sixth annual edition of 3CS. 3CS is the only national academic conference focused on cybersecurity...
New York City Cybersecurity Conference (New York, New York, USA, August 1, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...