March 6, 2019.
RSA Conference 2019
Inaugural Launch Pad highlights three early-stage start-ups.
In what emcee Hugh Thompson called "an opportunity to see inside the start-up pitch room," three early-stage companies each received five minutes to sell themselves to a panel of venture capitalists. The event is expected to become a regular feature of the RSA Conference.
The three companies were NuID (which uses zero-knowledge proofs and a blockchain to deliver trustless authentication), Spherical Defence (which offers an alternative to rule-and-signature-based systems), and Styra (whose solution provides "guardrails" for developers working in Kubernetes). The pitches were all fluent, and each appealed to at least one of the panelists. The principal lessons on display were the importance of showing differentiation and of offering hard evidence for a solution's ability to deliver on its promises.
Cyber conflict, as seen from Fort Meade.
Yesterday, near RSAC, we were able to attend a breakfast session sponsored by Maryland’s Department of Commerce. Their speaker was Rob Joyce, who currently serves as Senior Advisor for Cybersecurity Strategy to the Director of the US National Security Agency. Joyce outlined a shift in cyberattacks: they’ve moved from theft of secrets, cyber espionage, toward becoming a means of imposing national will. He sees four trends. First, high-end threat activity has become more sophisticated. Second, the level of expertise needed to operate as a significant threat is declining. Third, cyber conflict is moving from exploitation to disruption. And fourth, information operations increasingly leverage what Joyce called a “cyber grey space.”
To survive in this emerging world, Joyce advocated building on a sound, solid foundation of the basics. We need good cyber hygiene, sound configuration, effective patching, those sorts of things. And laying this kind of foundation is in his view a long-term investment that requires coordinated investment in education and training.
It's not all about enterprises attending to the basics. In response to a question, Joyce discussed a place for offensive cyber operations, which he said were and must remain an inherently governmental responsibility. The US Government has now taken what he called a “more proactive, aggressive” stance with its doctrine of continuous engagement. The US is now willing to introduce some friction into the adversaries’ operations, and has shown the ability to do so.
Cyber conflict, as seen from CISA.
Christopher Krebs, who leads the Cybersecurity and Infrastructure Security Agency (CISA) at the US Department of Homeland Security, shared his agency’s perspective on the current state of the threat nation-state adversaries pose in cyberspace. CISA is focused (“of course,” as Krebs said) on the big four actors: Russia, China, Iran, and North Korea.
CISA functions, Krebs explained, as “the nation’s threat advisor,” not its threat manager, because most infrastructure in the US is owned by the private sector. CISA seeks to “understand, share, and act.”
And the difference between a hurricane and climate change.
There is no shortage of warnings about all four of the major nation-state adversaries, but both NSA’s Joyce and CISA’s Krebs were agreed on which of them was the biggest threat to the US. It’s China, they said at a joint appearance moderated by Columbia University’s Jason Healey.
We worry about Russia using its cyber power to degrade others, Joyce said. But China projects power to build itself up. If Russian cyber operations are like a hurricane, China’s are like climate change. Beijing is playing a long game, and we know its goals: Made in China 2025 has outlined them with some clarity.
The US and China are now clearly competitors, having moved beyond several decades of economic engagement in which both countries perceived advantages. “Forty years of engagement,” Krebs said, “have just expanded the attack surface.” The threat to the US is poised to increase with the coming deployment of 5G technology and the pervasive connectivity it will bring. The risk that will accompany 5G, Joyce said, isn’t fundamentally a risk to the confidentiality of the information that technology will carry. It’s much more extensive: the risk lies in all the devices we’ll connect to it, and in the unforeseeable ways in which we’ll innovate on that new fabric.
By the CyberWire staff
The US isn't alone in its concerns over a prospective Chinese role in 5G networks. Former Prime Minister of Australia Malcolm Turnbull strongly warned Britain against using Huawei’s equipment in its 5G network, the Sydney Morning Herald notes. In a speech given in London last night, Turnbull said Australia's decision to ban Huawei was based on advice from the country's own intelligence agencies, and not because of external pressure from the US. He added that it "beggars belief" that none of the Five Eyes countries has a leading 5G vendor.
Symantec published a report today on the group behind last year's SingHealth data breach. The group, which they've dubbed "Whitefly," primarily targets Singapore, although links to attacks in other nations suggest that it may be part of a larger intelligence gathering operation. A Symantec spokesperson told Reuters that they believe it's a state-sponsored espionage group, but they're not certain which state it's working for.
Intel CPUs are vulnerable to a new flaw stemming from speculative execution, the Register reported yesterday. Researchers from the Worcester Polytechnic Institute and the University of Lübeck released a paper on Friday outlining the vulnerability, which they call "SPOILER." The vulnerability affects all Intel Core processors and will require hardware mitigations, so a patch will likely take years.
The US NSA hasn't used its domestic phone surveillance program to track links to foreign threats for about six months, and it's not clear that the Administration will seek renewal of the program at all (New York Times).
ON THE PODCAST
In today's podcast, out later this afternoon, we hear from our partners at Accenture, as Justin Harvey discusses results from their Costs of Crime report, as well as observations from RSAC. Our guest is Gerald Beuchelt from LogMeIn with info from their latest password survey.
XM Cyber is coming to RSA (San Francisco, California, United States, March 4 - 8, 2019) Visit XM Cyber at the Innovation City, Booth IC2233, to experience the first fully automated APT simulation platform to simulate, validate and remediate every hacker’s path to organizational critical assets.
OSSEC Con2019 (Herndon, Virginia, United States, March 20 - 21, 2019) OSSEC Con2019, “The Future of OSSEC: Security and Compliance for Cloud, On-Premise and Hybrid Environments” will take place March 20-21 in Herndon, VA. Join OSSEC users to share best practices and use cases with plenty of peer-to-peer networking.
TLS Markets Flourish on the Dark Web (Threatpost) The certificates are often paired with ancillary products, like Google-indexed “aged” domains, after-sale support, web design services and even integration with a range of payment processors.
AttackIQ and BlackBerry Cylance Join Forces to Deliver Enterprise Endpoint Security Validation (AttackIQ) AttackIQ™, a leader in the emerging market of continuous security validation, today announced a partnership with BlackBerry Cylance, a business unit of BlackBerry Limited (NYSE:BB: TSX:BB), to enable organizations to validate that their endpoint security solutions are deployed correctly and configured optimally, ensuring continuous protection against the latest threats.
RSAC Day 1 Theme: People And Tech Are ‘Better Together’ (Cyber Security Hub) As the stage lighting turned up and the attendees settled down in their seats, there was a buzz of positivity in the air at the 2019 RSA Conference stage. The theme of this year’s conference is quite simply put as “Better.”
UPnP-enabled Connected Devices in the Home and Unpatched Known Vulnerabilities (Trend Micro) Many devices such as cameras, printers, and routers use UPnP to make it easy for them to automatically discover and vet other devices on a local network and communicate with each other for data sharing or media streaming. UPnP works with network protocols to configure communications in the network. But with its convenience comes security holes that range from attackers gaining control of devices to bypassing firewall protections. We looked into UPnP-related events in home networks and found that many users still have UPnP enabled in their devices.
Fake HSBC payment details delivers Agent Tesla (My Online Security) A compromised site we saw yesterday delivering Hawkeye keylogger/Infostealer is being used today in an Agent Tesla campaign. I am not 100% positive it is the same bad actors involved but the…
CryptoMix Clop Ransomware Says It's Targeting Networks, Not Computers (BleepingComputer) A new CryptoMix Ransomware variant has been discovered that appends the .CLOP or .CIOP extension to encrypted files. Of particular interest is that this variant is now indicating that the attackers are targeting entire networks rather than individual computers.
IDenticard PremiSys (Update A) (ICS-CERT) 1. EXECUTIVE SUMMARY. CVSS v3 8.8. ATTENTION: Exploitable remotely/low skill level to exploit/vulnerability details have been publicly disclosed. Vendor: IDenticard. Equipment: PremiSys. Vulnerabilities: Use of Hard-coded Credentials, Use of Hard-coded Password, Inadequate Encryption Strength. 2.
Rockwell Automation RSLinx Classic (ICS-CERT) 1. EXECUTIVE SUMMARY. CVSS v3 10.0. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Rockwell Automation. Equipment: RSLinx Classic. Vulnerability: Stack-based Buffer Overflow. 2. RISK EVALUATION. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the target device.
Exposed IoT Automation Servers and Cybercrime (Trend Micro) In our latest research we tested possible threat scenarios against complex IoT environments such as in smart homes and smart buildings. A significant part of it also involved a look into exposed automation platforms or servers.
CMS hackers focus on WordPress (SC Media) WordPress continued to be the most attacked content management system (CMS) attracting an even higher percentage of CMS centered cyberattacks in 2018.
Medical Center Data Leak May Have Exposed 45K Patients (Government Technology) A file shared by an employee with one of Chicago Rush Medical Center’s billing processing vendors may have exposed the personal information of thousands of patients. The incident happened in May 2018.
Gemalto Expands Cloud HSM On Demand Solutions (Financial Post) SafeNet Data Protection On Demand cloud platform now offers HSM On Demand to secure CyberArk Privileged Access Management, Oracle Transparent Data Encryption, and Hyperledger Blockchain Transaction…
Sheepl 2.0: Automating People for Red and Blue Tradecraft (Trustwave) When I first released Sheepl 0.1 in September 2018 as part of a talk, I wanted to showcase a different approach to user emulation, and the initial idea was well received. Security and IT professionals could see the potential and.....
Singapore government conducts second HackerOne bug bounty program (CISO Magazine) During the three-week hacking challenge, more than 400 hackers globally were invited to look for security weaknesses in the Singapore Government’s digital assets. Hackers won $11,750 in exchange for reporting 26 valid security weaknesses to GovTech so they could be safely fixed.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
INSA Spring Symposium: Managing the Evolving Cyber Landscape (Arlington, Virginia, USA, April 18, 2019) Join INSA on Tuesday, April 16 for our annual Spring Symposium. The 2019 theme, Managing the Evolving Cyber Landscape, focuses on the need for a strong, secure digital infrastructure. Hear from senior...
National Cyber League Spring Season (Various, February 25 - March 24, 2019) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...
RSA 2019 (San Francisco, California, USA, March 4 - 8, 2019) This year’s theme is, to put it simply, Better. Which means working hard to find better solutions. Making better connections with peers from around the world. And keeping the digital world safe so everyone...
U.S. Commercial Service at RSAC2019 (San Francisco, California, USA, March 4 - 8, 2019) In partnership with RSA Conference 2019, we at the U.S. Department of Commerce are excited to offer U.S. exhibitors at RSAC 2019 services to assist in entering or increasing their presence in international...
FAIR Institute Breakfast Meeting during the 2019 RSA Conference (San Francisco, California, USA, March 6, 2019) Join us and fellow cyber risk executives to learn from other industry leaders about their experiences: Marta Palanques, Director, Enterprise Risk Management and Steve Reznik, Director, Operational Risk...
Zero Day Con (Dublin, Ireland, March 7, 2019) On March 7 2019, Zero Day Con will bring together leading technology firms, industry experts and government officials that will share insights for cybersecurity professionals grappling with the rise of...