July 26, 2019.
By the CyberWire staff
A joint report by the German public broadcasters BR and NDR describes the long-running Winnti industrial espionage campaign against major German companies. The targets were drawn from the DAX 30, the blue-chip companies listed on the Frankfurt exchange. Winnti's operations go back to 2011 and show a familiar mix of intelligence and criminal motivation. The earliest attacks seemed purely criminal and were directed against the Karlsruhe-based gaming company Gameforge. By 2014 the group had moved on to industrial espionage against chemical and pharmaceutical firms, starting with Düsseldorf's Henkel, whose adhesive technologies were of interest.
Chinese operations against French targets, by contrast, had a political motivation, according to L'Opinion: operators worked to manipulate voting at the UN to keep a French candidate from being elected to head the international body's agriculture and food organization.
The US Senate Intelligence Committee has released the first volume of its report on Russian election interference. No new revelations, but the scope, intent, and methods of Russian operations in 2016 are plainly documented. The Washington Post notes that it's not just Russia. Other countries, especially Iran, have also gotten into the business.
City Power, the electrical company that serves Johannesburg, was hit by ransomware, News24 reports. The attack on the South African utility didn't cause a power failure, but it did disrupt customer-facing business operations.
The Governor of Louisiana has declared a state of emergency in response to ransomware attacks on three Louisiana school districts.
The Verge and others explain how to apply for Equifax breach compensation. Don't expect too much.
Today's issue includes events affecting Brazil, China, Egypt, France, Germany, Iran, Israel, Jordan, Nigeria, Qatar, Russia, Saudi Arabia, South Africa, Tunisia, United Arab Emirates, United Nations, United States, and Venezuela.
Bring your own context.
Lessons from the Nansh0u cryptominer.
"Most of these - the binaries we saw - were not known online. And this complicates detection, because most security vendors that look at binaries - I'm talking about, let's say, antivirus companies or EDR companies - they look at endpoints. They look at laptops, mobile devices, which have the highest attack surface. But this means that the malware that's targeting servers is still a very open field. Even common attacks are not detected until they're widespread, or in this case, that we see them, because we really focus only on server malware."
—Daniel Goldberg of Guardicore Labs, on Research Saturday, 7.20.19.
Crooks or spies? Or crooks with some security service kit? It's been tough to tell these days.
And, by the way, on an unrelated note, happy Sys Admin Appreciation Day, and a cheerful wave to sys admins everywhere.
The source of the linked story in this edition, "Security of Election Announcements," has been corrected to "Superior Court of California, County of San Mateo."
XM Cyber is coming to Black Hat (Las Vegas, Nevada, United States, August 3 - 8, 2019) Visit XM Cyber at booth 875 to experience the first fully automated APT simulation platform to simulate, validate, and remediate hackers' paths to organizational critical assets.
Codenomicon August 6 Skyfall Lounge Las Vegas (Las Vegas, Nevada, United States, August 6, 2019) Black Hat is just around the corner! Join Synopsys at our exclusive cybersecurity professional event, codenomi-con. We'll kick off a night of entertainment, networking, and leadership on Aug. 6 at 6 p.m. Register today!
Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 8, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It's a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by and experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women's Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring, and more to advance women and girls in cybersecurity careers.
Cryptocurrency site leaked unencrypted user credit cards (TechCrunch) A cryptocurrency loan startup exposed reams of customer credit cards and user transactions for almost a month, because it forgot to protect the server with a password. Security researchers Noam Rotem and Ran Locar found the database belonging to YouHodler, a lending platform designed for cryptocur…
BlueKeep Exploit on Sale, Now We Wait (Decipher) What a week for BlueKeep watchers. A Chinese-language slide deck appeared on GitHub with details on how to use the BlueKeep vulnerability, Immunity included a working exploit in its penetration testing kit, and the WatchBog cryptocurrency-mining botnet now has a scanner looking for vulnerable Windows machines with Remote Desktop enabled.
Immunity selling new BlueKeep exploit, defends decision (SearchSecurity) Immunity Inc. is selling a full RCE BlueKeep exploit module as part of a pen testing tool, and the company's CEO Dave Aitel defended the decision by saying a proper exploit is necessary to demonstrate the risk and consequences of an attack.
VPN providers address vulnerability findings by researchers (Techxplore) Virtual private networks (VPNs) are engineered to encrypt traffic between points on the internet. As Computing put it, they extend a private network across a public network, "often used to enable staff working remotely to access resources on their organisation's corporate network."
Why Hackers Abuse Active Directory (GovInfo Security) Warning: Attackers are abusing poorly secured and managed implementations of Microsoft Windows Active Directory to hack organizations and distribute ransomware.
Possible second cyber attack crippling another Mobile company (WPMI) NBC 15 has been alerted to a second possible cyberattack crippling another local company. On Wednesday, Mobile Police officials confirmed Springhill Medical Center had fallen victim to a ransomware attack. Now an employee at a large steel plant in Axis tells NBC 15 they were targeted too. A job compromised at a moment's notice by something you had nothing to do with. "It's unthinkable," the employee said. An employee of Blastech Mobile says hackers came after them last week.
Google Pitches to Baltimore after Ransomware Attacks (Government Technology) Frank Johnson, the head of the city's IT department, told members of a city commission that he didn't think switching from Microsoft was worth it, given the exorbitant cost of transitioning to a new technology.
Symantec: Moving On (Seeking Alpha) The deal between Symantec and Broadcom is unlikely to happen. Management believes the stock isn't worth less than $28/share. Investors stand to gain more if Symantec remains public, as the company is well-positioned to ride the growth in the cybersecurity market. A 40% premium to June's valuation seems enticing but cheap compared to the future value that can be unlocked if the company stays public.
CrowdStrike Is Priced Like A Superstar (Seeking Alpha) CrowdStrike's annual revenue growth is over 100%. The share price has gone up 2.5x in the month and a half since its IPO, and my relative valuation analysis suggests that the share price is overvalued. Gartner's peer reviews suggest that CrowdStrike is preferred over Cylance and Carbon Black for endpoint security solutions. I expect that there will be a dip in share price or a pause in share price growth in the next 6-12 months due to insider lockup expiration.
CrowdStrike: Too Much Hype (Seeking Alpha) CrowdStrike continues soaring to new highs following a hot IPO. The cloud security provider now trades at nearly 30x FY21 revenue estimates of only $624 million. Revenue growth is forecast to decelerate to below 50% next year. Diminished returns typically occur for stocks with premium valuations and decelerating growth.
Mimecast: This Cybersecurity Company Is En Route To Stardom (Seeking Alpha) Mimecast is an industry leader in enterprise email security and archiving. New products and impeccable "land and expand" execution have led to financial success. Management's financial discipline has the company on the verge of profitability.
Netskope Announces Enhancements to Build The World's Most Secure, Performant Cloud Network (Netskope) New offering delivers low-latency infrastructure for all Netskope market-leading cloud and web security products to enhance enterprise protection worldwide. SANTA CLARA, Calif. – July 25, 2019 – Netskope, the leader in cloud security, today announced Netskope NewEdge, the globally distributed network infrastructure that enables the Netskope cloud-native security platform to deliver real-time security without the …
Next-Gen Code Signing (Venafi) Enterprises protect their software assets by code signing them. But many may not be taking the necessary steps to protect their code signing process, as demonstrated by recent thefts of credentials. We help you secure all private keys, automate code signing workflows, and maintain an irrefutable record of all code signing activities.
Cyber Threat Intelligence: Not for the Faint of Heart (Forbes) Cyber threat intelligence (CTI) offers real value to security teams. I established that in my last article, Introduction to Cyber Threat Intelligence: What Can It Do For You? But I would be remiss if I didn't highlight the challenges companies encounter as they attempt to tap that value.
U.S. Sanctions Compliance Fines Hit Decade High (Wall Street Journal) Fines issued by the U.S. regulator enforcing sanctions compliance have hit a decade high at a time when the Trump administration is increasingly using sanctions as a foreign policy tool.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Smoky Mountain Bigfoot Conference (Gatlinburg, Tennessee, USA, July 27, 2019) Join us for the first ever Smoky Mountain Bigfoot Conference. We have some of America's most experienced Bigfoot researchers and investigators, including Cliff Barackman, Bigfoot Field Researcher and co-host...
Cyber:Secured Forum 2019 (Dallas, Texas, USA, July 29 - 31, 2019) Cyber:Secured Forum delivers two days of in-depth content on cybersecurity trends and best practices related to the delivery of physical security systems and other integrated systems. Collaboratively developed...
Community College Cyber Summit (3CS) (Bossier City, Louisiana, USA, July 30 - August 1, 2019) The 2019 Community College Cyber Summit (3CS) at Bossier Parish Community College in Louisiana marks the sixth annual edition of 3CS. 3CS is the only national academic conference focused on cybersecurity...
New York City Cybersecurity Conference (New York, New York, USA, August 1, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO panel...
IT & Cyber Day at Aberdeen Proving Ground (Aberdeen, Maryland, USA, August 1, 2019) Aberdeen Proving Ground (APG) provides technology life cycle management for the US Army and the various commands involved in the fielding and closeout of their technologies. The Cyber and IT Day expo...