skip navigation

More signal. Less noise.

Impossibly simple microsegmentation in 1 click

If we can land rockets on a barge, if we can search 30 trillion web pages in mere seconds, if cars can drive door to door autonomously, why does microsegmentation still take months to implement and cause so many headaches? Edgewise has radically simplified microsegmentation to one click, using machine learning and zero trust security:

  • Eliminate network attack surface in your hybrid cloud
  • Protect critical business applications
  • Get provable security outcomes

Try Edgewise’s 1-click auto-segmentation now.

The Week that Was.

ICS threat update: Xenotime probes the power grid.

The North American Electric Reliability Corporation issued a non-public warning that Xenotime, hitherto seen in the oil and gas sector, has been conducting reconnaissance against electrical utilities (E&E News). The warning is based on research by Dragos, which says the "activity group" behind Trisis/Triton should be taken seriously but not overhyped: so far the evidence suggests reconnaissance, not yet compromise. 

Border protection breach.

Photos of tens of thousands of travelers and license plates taken by US Customs and Border Protection (CBP) were stolen from a subcontractor who had collected and stored them without permission, CBP said Monday (TechCrunch). CBP isn't saying who the subcontractor is, but the Washington Post believes it was Perceptics, based on the title of the Word document CBP sent to the Post. Perceptics was hacked last month by "Boris Bullet-Dodger," who dumped hundreds of gigabytes of company files to the dark web (Motherboard). As the Register noted, Perceptics probably handles a lot of sensitive information. It's unclear if the hacks are related, and CBP says it hasn't seen any stolen photos on the dark web (Atlantic).

Make smarter decisions and move faster to block adversaries.

Understand how you can make smarter decisions to move faster — both by blocking an adversary and disrupting them altogether — by using orchestration with intelligence in this free white paper: Smarter = Faster: Security Orchestration with Threat Intelligence. You’ll learn how to automatically alert, block, and quarantine based on relevant threat intel as well as how to increase the accuracy, confidence, and precision of your security operations.

Novel influence operation: Fishwrap.

Recorded Future this week described "Fishwrap," which they regard as a new approach to influence operations. Fishwrap's distinctive contribution to the murky art of info ops is its repackaging of old news as fresh news, thus giving lies their now customary bodyguard of truth. The stories themselves don't appear to be altered, and even retain their original dates, but a flurry of tweets distributing a discreditable story from, say, 2016 gives old news fresh impact. Fishwrap generally doesn't violate platforms' terms of service, where such terms of service are clear enough to draw a bright line around disinformation. Recorded Future associated shortened URLs and tracking links, but such trails go cold quickly. No attribution yet, but Fishwrap's extent and duration suggest the work of a nation-state, not skids doing it for the lulz.

Fakes: shallow, deep, or middling.

A fictitious persona, "Katie Jones," is seeking connections on LinkedIn (AP). The fictional Ms Jones may be a catphish an intelligence service deployed to troll for recruits. The incident recalls 2010's Robin Sage experiment. Ms Jones, however, represents an advance over Ms Sage in that her persona seems to have been built with the aid of artificial intelligence. The picture is pure fake, whereas Robin Sage's headshot was stock imagery. LinkedIn has become an important approach tool for Chinese intelligence (CyberScoop).

Conduct secure and anonymous research on the open and dark web.

If you are doing online research, the common web browser can betray you by exposing you and your organization to cyber attacks. Authentic8, the maker of Silo Cloud Browser and Silo Research Toolbox, ends this betrayal. Silo insulates and isolates all web data and code execution from user endpoints, providing powerful, proactive security even if you are gathering data and collections across the deep and dark web. Learn more.

Malware versus municipal governments.

Baltimore continues its long, hard crawl back from the RobbinHood ransomware attack it sustained on May 7th. More than a month later, the city was pleased to report that 65% of its employees had their email access restored, which means that 35% haven't been so favored. The 35% remnant may come back sometime next week (WJZ 13). The attack had considerable impact on both city operations and commerce. Home sale closures in May were down 20% from May 2018; observers attribute the dropoff to the attack's disruption of title transfers (Daily Record).

Luzerne County, Pennsylvania, is undergoing a similarly protracted recovery. Malware of some unspecified kind was discovered in courthouse systems on May 21st. Emergency services were unaffected, but several human service departments remain offline (Government Technology). Elsewhere in Pennsylvania, and also on May 21st, court networks in Philadelphia were also hit by an unspecified strain of malware, with disruption to normal operations (Verge).

Burlington, Ontario, is recovering from a successful phishing expedition (Global News).

Register for RSA Conference 2019 Asia Pacific & Japan today!

Join industry leaders and peers at the region’s leading cybersecurity event, 16 – 18 July at the Marina Bay Sands in Singapore. Learn the latest issues and solutions, stay on top of new regulations, demo cutting-edge products, expand your skills and grow your personal network. Register now.

The Huawei Affair.

Huawei's sales are slowing under pressure of US sanctions (Wall Street Journal) and the company has decided to delay the launch of its new laptop (Wall Street Journal). In a gesture toward self-sufficiency, Huawei has trademarked its home-grown OS (Engadget),

Huawei told the UK's Parliament Monday that the company wasn't bound by Chinese laws requiring cooperation with Beijing's intelligence and security services (New York Times). In fact, the company's representative, Global Cyber Security Officer John Suffolk, went so far as to deny that any such laws applied to Huawei (CNN). His testimony was received with considerable skepticism (CNN). Most observers think the contention disingenuous: the National Intelligence Law of 2017 enjoins exactly such cooperation, as do several other related laws enacted over the past decade. And China tends to regard law as the servant of state policy, not a constraint upon it.

Have Your Users Made You an Easy Target for Spear Phishing?

Many of your organization’s email addresses and identities are exposed on the internet, and are easy for cybercriminals to find. With email’s enormous attack surface, cybercriminals are able to launch potentially devastating social engineering, spear phishing and ransomware attacks on your organization. Try KnowBe4’s Email Exposure Check Pro for free today, and see how you can identify the at-risk users in your organization by crawling business social media information and hundreds of breach databases.

DDoS coincides with Hong Kong protests.

Telegram "stabilized" its service Wednesday after sustaining a very large distributed denial-of-service attack (Reuters). The DDoS attack traffic originated largely from Chinese IP addresses, and circumstantial evidence points to Chinese government attempts to disrupt the use of the secure messaging service by protesters in Hong Kong demonstrating against controversial legislation that would facilitate extraditions to China proper from the semi-autonomous city (Bloomberg). Hong Kong residents fear surveillance by the Chinese government, and many are going "digitally dark" during the unrest (SecurityWeek).

Patch news.

Microsoft patched eighty-eight vulnerabilities Tuesday, twenty-one of them classified as critical. Four of the fixes, BleepingComputer notes, appear to address vulnerabilities reported by SandboxEscaper (described by Threatpost here and here). Adobe also patched as expected, fixing issues in its Flash, Cold Fusion, and Campaign products (SecurityWeek).

Crime and punishment.

Daniel Kelley, convicted of eleven charges related to hacking, including the TalkTalk hack of 2015, will serve four years of detention at her Majesty's pleasure (Computing).

The military judge in the court martial of US Navy SEAL Edward Gallagher found that the Navy prosecutors acted improperly by using email tracking software in communications with defense counsel and news media. The judge, Captain Aaron Rugh, dismissed the lead prosecutor, Commander Christopher Czaplak, for his role in the incident. Captain Rugh didn't dismiss murder and attempted murder charges against Chief Gallagher, but he limited the penalty that might be imposed to life with parole. (Washington Post).

Courts and torts.

At least nineteen class action suits against the three companies involved in the breach of patient data have been filed in US state and Federal courts. The breach occurred at third-party collection service provider American Medical Collection Agency. The companies whose data were affected are Quest Diagnostics and LabCorp (BleepingComputer).

Policies, procurements, and agency equities.

The US appears ready for a more assertive posture in cyberspace. National Security Advisor John Bolton noted that much of the US action in cyberspace had been devoted to dealing with, and deterring, election interference. That's changing. "We're now opening the aperture," he said, "broadening the areas we're prepared to act in." That wider aperture is broad enough to encompass foreign industrial espionage. This represents an evolution of the longstanding American strategy to impose costs on adversaries. As Bolton put it, the US has decided "to say to Russia or anybody else that’s engaged in cyberoperations against us, you will pay a price. If we find that you’re doing this, we will impose costs on you until you get the point that it's not worth your while to use cyber against us" (Wall Street Journal). 

Hitherto the costs imposed for theft of IP have been a mix of naming-and-shaming, indictments, and sanctions. Action in cyberspace proper has not figured prominently in the US response to economically motivated espionage, although it has been used in other cases, most recently during the 2018 midterm elections against Russian troll farmers. The Washington Post consulted various security industry figures and found a consensus of cautious approval. They acknowledge that US cyber counteroffensives will probably generate “blowback” from the opposition, and that US companies should be prepared. But once you've named, shamed, sanctioned, and indicted, you may want another escalation option if the opposition remains undeterred.

The US Congress is taking yet another look at legislation that would authorize a kind of hacking-back marque and reprisal (Washington Post).

Fortunes of commerce.

Analysts see a growing push toward consolidation in the cybersecurity sector (Fortune). One trend that may work in the opposite direction is the possibility that Big Tech companies might break themselves up, under their own terms, before antitrust regulators do it for them (WIRED). The security industry isn't in the sights of trustbusters, but their Big Tech quarry does dispose of significant security resources, and of considerable influence on the sector.

Apple has for some time been seen as uniquely vulnerable to Chinese retaliation over US blacklisting of Huawei (WIRED). Should Sino-American trade relations turn uglier, Foxconn has quietly let the world understand that it's capable of supplying Apple with components made entirely outside of China, no problem (AppleInsider). Apple has apparently been thinking this through with Foxconn, and it seems that manufacturing capacity could shift to India (Phone Arena).

Google is also planning to move manufacturing from China to Taiwan, but Mountain View's plans seem motivated more by a desire to avoid expected US tariffs than by concerns about either security or Chinese retaliation against US blacklisting (Bloomberg).

The University of California Irvine's Cybersecurity Policy and Research Institute, in partnership with the US Commercial Service and the California State Trade Expansion Program, will host a cybersecurity trade mission to Southeast Asia in late September and early October.

A new syndicate fund, Inner Loop Capital, has been established in the Baltimore-Washington area by Bessemer veteran Justin Label (Yahoo).

GE Ventures, investment arm of the struggling industrial giant, is shopping its portfolio of one-hundred start-ups to buyers it hopes will find them interesting (CNBC).

Labor markets.

The IT labor market is undergoing its own cycle of creative destruction. Older classes of jobs (mostly those related to legacy in-house systems) are being phased out and replaced by cloud-centric, data analytics, and AI work. There are far more new jobs being created than there are old ones being eliminated, and IT unemployment in May hit 1.3%, lowest in twenty years (Wall Street Journal). That's small comfort, of course, if you're in one of those legacy jobs, and a number of large technology companies have been laying off workers as they restructure. IBM is the latest one to do so, cutting 1700 jobs worldwide (Yahoo). Do remember, hiring managers, that a lot of good people lose their jobs in such restructurings. Give them a look.

Businesses are considering crowdsourcing as a partial answer to security labor shortages (PYMNTS).

Mergers and acquisitions.

Raytheon and United Technologies have agreed to a merger. Early reports, like this one in MarketWatch and this one in Barron's, characterized the agreement as an acquisition of Raytheon by United Technologies, but as the story has developed "merger of equals" has become the characterization. The combined company will be called Raytheon Technologies. The new company will become, in terms of preliminary estimations of market cap, the world's second-largest defense and aerospace integrator, behind only Boeing. (Note that "aerospace" includes civilian aerospace.)

Observers think it unlikely that the merger will draw antitrust scrutiny, since Raytheon and United Technologies don't directly compete in many markets, but some uneasiness about the deal has been expressed within the US Administration (Wall Street Journal). Some units not directly relevant to those markets, notably United Technologies' Carrier (HVAC) and Otis (elevators), will be spun out. The future of the two companies' security units is unclear, but the new company's investor prospectus does list "cyber protection" for commercial aerospace as one of the complementary capabilities Raytheon brings to the merger. Raytheon owns cybersecurity company Forcepoint; United Technologies owns security provider Lenel.

Salesforce's acquisition of Tableau in a $15.7 billion deal represents a CRM and data analytics merger will complex security implications: the company will handle a tremendous quantity of sensitive data. As ZDNet points out, the acquisition suggests that Salesforce has ambitions outside its core CRM market.

VMware intends to buy Avi Networks, which specializes in balancing application delivery (TechCrunch).

Thales has acquired Psibernetix for its deployable, computationally efficient, explainable artificial intelligence technology (Newswire Today).

Jacobs completed its acquisition of KEYW this week. KEYW is being integrated into Jacobs's Aerospace, Technology, and Nuclear line of business (GovConWire).

Investments and exits.

CrowdStrike's long anticipated IPO (trading as CRWD on the Nasdaq) went very well indeed. The company began Wednesday with an initial market cap of roughly $6.7 billion (Silicon Valley Business Journal), and that value increased by more than 70% over that first day's trading to finish north of $11 billion (CNBC). CEO George Kurtz says he's unsurprised to see CrowdStrike do so well, since as he put it they've built "the Salesforce of security" (TechCrunch).

KnowBe4 announced Wednesday that it had received $300 million in a funding round led by KKR, with "significant participation" by existing investors Elephant and TenEleven Ventures. The investment round puts KnowBe4 into the unicorn category (SecurityWeek).

Vectra has secured a $100 million Series E investment. TCV led the round with participation by existing investors. Vectra intends to use the investment to further develop its application of artificial intelligence to network traffic (TechCrunch). Vectra's principal competitor is seen as the established industry leader, Cisco (Silicon Valley Business Journal).

Massachusetts-based Edgewise Networks has raised $11 million in funding. .406 Ventures and Accomplice led the Series A round (BusinessWire). The company announced the funding in conjunction with its launch of 1-click autosegementation (Edgewise).

Privitar, a data privacy shop with operations headquartered in Boston and London, has raised $40 million in a Series C round. It intends to use the funding to expand global operations as it assists customers with GDPR and California Consumer Privacy Act compliance. Accel led the round; existing investors Partech, Salesforce Ventures, 24Haymarket and IQ Capital also participated (Built in Boston). 

Fireblocks emerged from stealth this week with a $16 million Series A round. Investors included Fidelity unit Eight Roads and blockchain investment specialists MState. Fireblocks (with headquarters in Tel Aviv and New York) specializes in securing cryptocurrency transactions (Forbes).

Orca Security has received $6.5 million in a seed funding round led by YL Ventures. Orca specializes in cloud visibility (BusinessWire).

Paris-based Vade Secure has concluded a €70 financing agreement with General Catalyst. Vade Secure, which operates internationally, specializes in the application of artificial intelligence to predictive email security (PRNewswire).

CybeReady, whose fully managed and automated cybersecurity training system has been in European markets for four years, entered the North American market this week with a $5 million investment from Baseline Ventures (PRNewswire).

SignalFX raised $75 million in a Series E round. The investment was led by Tiger Global Management with participation from existing investors Andreessen Horowitz, CRV, and General Catalyst. The company intends to use the investment to increase its presence in the realtime cloud monitoring market (VentureBeat).

Spring Labs, which applies blockchain technology to securing financial transactions, raised a $23 million Series A round led by GM Ventures (Built in Chicago).

Cyber risk-estimation shop SecurityScorecard has raised $50 million in a Series D round. Riverwood Capital led the investment. Other participants included Intel Capital, Evolution Equity, Two Sigma, Axa Ventures, and Accomplice (VentureBeat).

And security innovation.

Virginia Tech has chosen a location for its Innovation Campus: it will land at Potomac Yards, just outside the District of Columbia in Northern Virginia (Washington Post).

Notes.

Today's issue includes events affecting Canada, China, India, Russia, Taiwan, United Kingdom, United States.

Research Saturday is up. In this episode, "Apps on third-party Android store carry unwelcome code," we hear from researchers at Zscaler who've been tracking look-alike apps in third-party Android app stores that carry malicious code. Deepen Desai, Zscaler's vice president security research and operations, joins us to share their findings.

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.