June 27, 2019.
By the CyberWire staff
Military Times says the US cyber operations against Iran last week remain obscured by the "fog of war," as Iran denies the attacks had any effect, and some US officials say (on background) that yes, they did.
Refined Kitten, also known as Elfin or APT33, appears to have shifted its tactics after Symantec reported on the Iranian threat group's operations against Saudi targets. Recorded Future has observed the group shelving most of the domains it had used, and registering some 1200 new ones. About half of the newly-established domains are connected with StoneDrill, an upgraded Shamoon wiper.
Refined Kitten has shown an increased preference for commodity malware tools, especially remote-access Trojans. This is a sign of sophistication, not frugality or desperation: among other advantages, using commodity malware can render attribution murkier. APT33 also uses organizations outside the scope of their declared purposes, and the Nasr Institute, which Ars Technica describes as an organization that oversees Iran's computing and networking, seems to be one of Tehran's cyberattack crews.
Silex malware, which bricked large numbers of IoT devices until its command-and-control server went down yesterday afternoon, seems to be the work of three teenagers, Bleeping Computer reports, who glory in the noms-de-hack "Light The Leafon" (or "Light The Sylveon"), "Alx," and "Skiddy." Akamai looked at Silex and found that it worked against default passwords. The motive seems to have been a form of snobbery. The hackers wanted to preempt tiresome skids from exploiting poorly protected IoT devices for cash and bragging rights.
Today's issue includes events affecting Belgium, China, Germany, Iran, Russia, Saudi Arabia, South Africa, United Arab Emirates, United Kingdom, United States.
Bring your own context.
Devil's pacts and allies of opportunity as Russia, Iran, and the US jockey for escalation dominance in cyberspace.
"So the Russians and Iranians are allied in certain areas of common interest. Militarily, I think that the alliance has been maybe a bit less pronounced and fairly weak, but, of course, in any time of conflict, that can change radically."
—Sergio Caltagirone, head of threat intelligence at Dragos, on the CyberWire Daily Podcast, 6.25.19.
Proverbially, the enemy of my enemy is my friend...sort of....
And Hacking Humans is up. In this episode, "Be wary of all emails," Dave shares the story of one Katie Jones, the fake online persona used to gain the confidence of high-status individuals. Joe describes the tragic case of Christine Lu, a Harvard Medical professor who was scammed out of her life savings. The Catch of the Day warns recipients not to trust the FBI. Carole Theriault interviews Akamai's Larry Cashdollar about scammers using Google Translate to obfuscate web sites.
RSA Conference 2019 Asia Pacific & Japan (Singapore, Republic of Singapore, July 16 - 18, 2019) Join industry leaders and peers at the region’s leading cybersecurity event. Learn the latest issues and solutions, stay on top of new regulations, demo cutting-edge products, expand your skills and grow your personal network. Register now.
Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 6, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.
Companies on Watch After US, Iran Claim Cyberattacks (Dark Reading) With the cyber conflict between the United States and Iran ramping up, companies traditionally targeted by the countries - such as those in the oil and gas and financial industries - need to bolster their security efforts, experts say.
Google’s security efforts are falling short on mobile (Wandera) Google has enjoyed a long history of providing software that is aimed at protecting customers online. Google’s program for eradicating online threats involves the use of both manual and automatic scanners to trawl the internet to locate websites involved in phishing or malware activities. Part
The Rise of Silence and the Fall of Coinhive (Dark Reading) Cryptomining will exist as long as it remains profitable. One of the most effective ways to disrupt that activity is to make it too expensive to run cryptomining malware in your network.
Two US cities opt to pay $1m to ransomware operators (Posilan Ltd) A few days apart, two cities in Florida cave in to extortionists’ demands in hopes of restoring access to municipal computer systems. To pay or not to pay ransomware attackers? And if I do pay up, will I get my data back? These have been some truly pressing questions not only for ransomware victims and, …
A third of companies would rather pay a hacker’s ransom, research reveals (PrivSec Report) The Risk:Value Report 2019, by NTT Security, examined the attitudes of more than 2,200 non-IT decision makers to risk and value of cybersecurity to the business across 20 countries. The findings revealed cybersecurity threats are at the top of the agenda for business leaders, with cyber attacks (43%) on the top, followed by data loss …
Security Patches, Mitigations, and Software Updates
Google delivers new G Suite security tools (Help Net Security) Google has announced several new security tools for G Suite admins and users, as well as a new 2FA option: one-time security codes based on security keys.
Employees Within Hospitality Industry Are The Most Prone To Phishing Attacks (Information Security Buzz) Today, KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, has released its Phishing By Industry Benchmarking Report 2019 which found, amongst large organisations, those within the Hospitality industry have the highest Phish-Prone Percentage (PPP) of 48 percent and were the most likely to fall victim to a phishing scam. In comparison, employees …
EZShield unveils new name as combined company with IdentityForce (Maryland Daily Record) EZShield and IdentityForce will be combined under a new name -- Sontiq -- the two cybersecurity companies announced Wednesday. Maryland-based EZShield acquired the Massachusetts-based Identity Force last year. The new combined company will be based in Nottingham, Maryland.
Christopher Bailey appointed CEO of NuData Security (MasterCard Social Newsroom) NuData Security today announced that Christopher Bailey, senior vice president and chief technology officer, has been appointed CEO of NuData and executive vice president of EMV/Digital Devices at Mastercard. Christopher’s appointment follows the retirement of Michel Giasson, who served as CEO of NuData for the last 12
CIS Controls Internet of Things Companion Guide (Yahoo) New Resource Helps Organizations Apply the CIS Controls to the IoT. EAST GREENBUSH, N.Y., June 27, 2019 /PRNewswire/ -- Internet of Things (IoT) devices aren't just invading our homes; these smart, connected ...
Get the Lowdown on the Logos! (Wicked6 Cyber Games) Now that June has arrived, the Wicked6 team has shifted into high gear. This month marks the start of the Wicked6 tournament, and we’ve already passed many milestones.
OPINIONISTA: South Africa takes a quantum leap and joins the race (Daily Maverick) Quantum technologies are exploding and no longer the purview of laboratory experiments only. The race is on for governments and private industries to adopt its most promising and robust ideas into applications. Already a billion-pound (R18-billion) industry in the UK, most developed countries and a few BRICS states have already invested millions of euros in quantum technologies. Should South Africa follow suit?
China to Insist U.S. Lifts Huawei Ban as Part of Trade Truce (Wall Street Journal) Chinese President Xi Jinping plans to present President Trump with a set of terms the U.S. should meet before Beijing is ready to settle a market-rattling trade confrontation, raising questions of whether the two leaders will agree to relaunch talks.
CIOs See End of ‘AI Gone Wild’ in Congressional Hearings (Wall Street Journal) Chief information officers this week are keeping a close eye on federal hearings concerning misinformation and malicious activity in social media—fearing a broader regulatory clampdown on the use of artificial intelligence.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
PCI SSC 2019 Europe Community Meeting (Dublin, Ireland, October 22 - 24, 2019) The PCI Security Standards Council’s 2019 Europe Community Meeting is the place to be. We will provide you with the information and tools to help secure payment data. We lead a global, cross-industry effort...
PCI SSC 2019 Asia-Pacific Community Meeting (Melbourne, Australia, November 20 - 21, 2019) The PCI Security Standards Council’s 2019 Asia-Pacific Community Meeting is the place to be. We will provide you with the information and tools to help secure payment data. We lead a global, cross-industry...
GovSummit (Washington, DC, USA, June 26 - 27, 2019) GovSummit -- the government security conference hosted annually by the Security Industry Association -- brings together government security leaders with private industry technologists for top-quality information...
5th Annual Cyber Security For Defense (Washington, DC, USA, June 26 - 28, 2019) Three days of engaging topics, workshops, case studies, and peer-to-peer networking from across the DoD and greater Intelligence Community. Featured topics include cloud security, blockchain, C4I security,...
Tampa Cybersecurity Conference (Tampa, Florida, USA, June 27, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
INTERPOL World 2019 (Singapore, July 2 - 4, 2019) INTERPOL World is a global co-creation opportunity which engages the public and private sectors in dialogue, and fosters collaboration to counter future security and policing challenges. INTERPOL World...
Minneapolis Cybersecurity Conference (Minneapolis, Minnesota, USA, July 11, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...