March 27, 2019.
By the CyberWire staff
Facebook has closed some 2600 accounts for "coordinated inauthentic behavior," that is, for illegitimate political influence operations. The accounts were based in Russia, Kosovo, Iran, and Macedonia.
Norsk Hydro has largely returned to normal operations after last week's LockerGoga ransomware attack. Production in its Extruded Solutions division, most affected by the attack, had yesterday reached 70% to 80% of normal capacity.
Secondary attacks, whether opportunistic or planned, remain a concern. Norsk Hydro warns against spoofs, urging anyone receiving an email that appears to be from Norsk to contact the company before taking any action the email might suggest. Bogus communications could represent attempts to either spread the ransomware or defraud third parties through social engineering.
ZDNet reports that losses from the attack so far may have amounted to some $40 million. This high-level estimate of direct costs may be compared to the roughly $100 million Mondelez lost to 2017's NotPetya attack, or the $300 million that same attack cost Maersk, but the incident is young and losses may increase. Norsk does have cyber insurance, led by AIG. How much Norsk's policies will cover remains to be determined.
Foreign Policy magazine discusses Russian reaction to Special Counsel Mueller's investigation, saying that the Kremlin too is claiming exoneration. But Moscow does so, one must observe, with far less justice than President Trump. The report the Attorney General rendered to Congress explicitly calls out Russian influence operations, and the Special Counsel's work resulted in the indictment of twelve Russian intelligence officers, which hardly looks like exoneration.
Today's issue includes events affecting China, Egypt, European Union, India, Indonesia, Iran, Israel, Kazakhstan, Kosovo, NATO/OTAN, North Macedonia, Norway, Pakistan, Poland, Russia, Spain, United States, and Venezuela.
And Recorded Future's latest podcast, produced in cooperation with the CyberWire, is also up. In this episode, "The grugq Illuminates Influence Operations," to celebrate one hundred episodes of their podcast, they're joined by the grugq to discuss the history of influence operations, why they work, and what they may come to be.
Cyber Security Summits: April 2nd in Denver and in Philadelphia on April 25th (Denver, Colorado, United States, April 2 - 25, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, U.S. Secret Service, Dell, Oracle, Darktrace, Verizon and more. Passes are limited, secure yours today: www.CyberSummitUSA.com
Global Cyber Innovation Summit (Baltimore, Maryland, United States, May 1 - 2, 2019) This unique, invitation-only forum brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber investment community to catalyze the industry into creating more effective cyber defenses. Request an invitation today.
Cyber Attacks, Threats, and Vulnerabilities
Abuse of hidden “well-known” directory in HTTPS sites (Zscaler) Zscaler security research team detected several WordPress and Joomla sites that were serving Shade and Troldesh ransomware, backdoors, redirectors, and a variety of phishing pages. In this blog, we are focusing on the Shade and Troldesh ransomware and phishing pages that we detected.
LUCKY ELEPHANT Campaign Masquerading (NETSCOUT) In early March 2019, ASERT Researchers uncovered a credential harvesting campaign targeting mostly South Asian governments. The actors behind this campaign we call LUCKY ELEPHANT use doppelganger webpages to mimic legitimate entities such as foreign governments, telecommunications, and military.
Siemens SCALANCE X (ICS-CERT) 1. EXECUTIVE SUMMARY. CVSS v3 5.4. ATTENTION: Exploitable remotely. Vendor: Siemens. Equipment: SCALANCE X. Vulnerability: Expected Behavior Violation. 2. RISK EVALUATION. Successful exploitation of this vulnerability could allow an attacker to feed data over a mirror port and into the mirrored network. 3. TECHNICAL DETAILS. 3.1 AFFECTED PRODUCTS. The following SCALANCE products are affected:
ENTTEC Lighting Controllers (ICS-CERT) 1. EXECUTIVE SUMMARY. CVSS v3 7.5. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: ENTTEC. Equipment: Datagate MK2, Storm 24, Pixelator. Vulnerability: Missing Authentication for Critical Function. 2. RISK EVALUATION. Successful exploitation of this vulnerability could reboot this device allowing a continual denial of service condition.
PHOENIX CONTACT RAD-80211-XD (ICS-CERT) 1. EXECUTIVE SUMMARY. CVSS v3 9.9. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Phoenix Contact. Equipment: RAD-80211-XD. Vulnerability: Command Injection. 2. RISK EVALUATION. Successful exploitation of this vulnerability could allow an attacker to execute system level commands with administrative privileges.
Dangerous cyber attacks may not be detected by network monitoring – engineers are also needed (Control Global) Sophisticated cyber attacks can be misidentified as malfunctions. This brings up the need for out-of-band sensor monitoring as an independent view of the process conditions from the potentially compromised IP networks. The current focus on IT/OT convergence rather than reaching out to engineering will continue to lead to “blind spots” when it comes to detecting sophisticated cyber attacks such as Stuxnet and the Triconex cyber attacks.
UC Browser for Android, Desktop Exposes 500+ Million Users to MiTM Attacks (BleepingComputer) The extremely popular UC Browser and UC Browser Mini Android applications with a total of over 600 million installs expose their users to MiTM attacks by downloading and installing extra modules from their own servers using unprotected channels and bypassing Google Play's servers altogether.
Microsoft Account Email Phishing Attempt Looks Legitimate (neoRhino IT Solutions) Researchers have discovered a pair of nasty phishing campaigns that are making use of Microsoft's Azure Blob Storage in a bid to steal the recipient's Microsoft and Outlook account credentials. Both campaigns are noteworthy in that they utilize well-constructed landing...
Employee Attack Likelihood: The Hidden Indicator Nobody Talks About (Panorays) Human behavior affects the likelihood of cyberattacks, and can be assessed by examining elements like social posture, presence of security team and employee security awareness. This research describes how the "human element" can be incorporated into cyber posture ratings.
NVIDIA Patches High Severity GeForce Experience Vulnerability (BleepingComputer) NVIDIA released a security update for the NVIDIA GeForce Experience software for Windows to patch a vulnerability that could allow potential local attackers with basic user privileges to elevate privileges, trigger code execution, and perform denial-of-service (DoS) attacks.
10 Movies All Security Pros Should Watch (Dark Reading) Don't expect to read about any of the classics, like 'War Games' or 'Sneakers,' which have appeared on so many lists before. Rather, we've broadened our horizons with this great mix of documentaries, hacker movies, and flicks based on short stories.
How Great Story Telling Is Changing Cybersecurity Marketing (AlleyWatch) The Hero's Journey is as timeless as it is captivating and compelling. When applied to cybersecurity marketing, The Hero's Journey casts the CISO and his team as the hero, and the vendors’ product as the magic element that staves off the enemy and transforms the CISO's company to a safer, protected place.
Carbonite Closes Acquisition of Webroot (Odessa American) Carbonite, Inc. (NASDAQ: CARB), a leading cloud-based data protection provider, today closed its previously announced acquisition of Webroot Inc. The combination of cloud-based backup and recovery with cloud-based cybersecurity introduces a new approach to data protection for the endpoint.
Make No Mistake — Microsoft Is A Security Company Now (Security Boulevard) That’s not a bad start of the day, reading such a headline from a Forrester analyst. I am often asked, how far we are going to drive security within Microsoft. Well, I guess here you have an answer from an outsider: Make No Mistake — Microsoft Is A Security Company Now. Even though the author…
IOActive Appoints Matt Rahman as Chief Operating Officer (IOActive) Security Industry Veteran Joins IOActive to Create Global Partnerships and Expand Global Footprint in Industry Verticals. Seattle, Wash., March 26, 2019 – IOActive, Inc., the worldwide leader in research-fueled security services, today announced that Matt Rahman has joined the organization as its Chief Operating Officer (COO). As COO, Rahman will be responsible for guiding IOActive through its next stage of growth, supporting the sales, delivery and marketing teams from an operational perspective and creating efficiencies wherever possible. “Over the past two decades, IOActive has built an expert team of...
Voice Biometrics (Nuance Communications) Voice biometrics and enhanced multi-user interaction accommodate the transition to autonomous driving and car-sharing, offering the functionality needed for shared mobility applications, vehicle interior conversion, and other essentials of future mobility.
F-Secure Oyj (via Public) / Continuous response needed to fight modern threats (Public) As the threat landscape continues to evolve, so does the need for organizations' approaches to defending against the business impact of cyber attacks. In light of this trend, cyber security provider F-Secure is calling for greater emphasis on both the preparedness for a breach as well as fast and effective containment that covers the correct balance of people, process and technology.
DDoS Protection Requires Looking Both Ways (Security Boulevard) Service availability is a key component of the user experience. Customers expect services to be constantly available and fast-responding, and any downtime can result in disappointed users, abandoned shopping carts, and lost customers. Consequently, DDoS attacks are increasing in complexity, size and duration. Radware’s 2018 Global Application and Network Security Report found that over the...
Securing the future of the cloud through threat intelligence (Innovation Enterprise) Individual users, groups of professionals and entire businesses are all connected to and run on the internet today, presenting an opportunity for criminals to exploit endless network connectivity, disrupt operations and steal crucial information
Cybersecurity program launches for high school girls (Washington Times Herald) A national cybersecurity program designed specifically for high school girls has launched, to encourage more females into the industry and reduce the digital skills gap. Girls need to be at
DHS Wants to Hire Cyber Talent Outside of Normal Government Restrictions (Meritalk) The Department of Homeland Security’s plan for filling the cyber talent gap is intended to focus on talent, more so than established credentials, which means leaving behind some of the traditional methods of hiring, paying, and retaining skilled employees. At the bottom line, DHS wants to take off the General Schedule handcuffs.
KNOW 2019 (Las Vegas, Nevada, USA, March 24 - 27, 2019) The Future of Trust starts at KNOW 2019, the definitive event focused on the data economy. From Facebook and Equifax to GDPR, identity data is at the forefront of cybersecurity and regulation. KNOW is...
Cyber Security for Critical Assets Summit (Houston, Texas, USA, March 26 - 28, 2019) The Cyber Security for Critical Assets Summit unites 250+ senior IT & OT security professionals to elucidate the most advanced cybersecurity information, debate policies and guidelines, and collaborate...
SecureWorld Boston (Boston, Massachusetts, USA, March 27 - 28, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
Symposium on Securing the IoT (San Francisco, California, USA, March 27 - 29, 2019) Want to share your passion and knowledge for Securing the 25 Billion devices connected to the Internet? Topics currently being selected for tracks include: Authenticating Blockchain, Secure Medical & Healthcare,...
Women in CyberSecurity (WiCyS) Conference (Pittsburgh, Pennsylvania, USA, March 28 - 30, 2019) The WiCyS Conference brings together women in cybersecurity from academia, research, government, and industry to share knowledge, experience, networking, and mentoring. The event's goal is to broaden participation...