May 6, 2019.
Global Cyber Innovation Summit
We continue our notes on the Global Cyber Innovation Summit, held last Wednesday and Thursday in Baltimore. The symposium offered an overview of current and emerging threats, and of the technology trends that both expose enterprises to such threats and offer the prospect of enhanced defenses.
Estonia's Ambassador-at-large for Cyber Security, Heli Tiirmaa-Klaar, shared her country's experience not only as one of the most thoroughly digitized societies in the world, but also as the victim of what's come to be generally regarded as the first cyber war, Russia's 2007 attacks against the networks of the Baltic republic. She characterized it as the "first politically motivated cyber campaign in history," and drew the lesson that good public-private partnership and solid expertise can work to build a society resilient enough to withstand even attacks by a highly capable cyber power.
Not all threats are the proximate work of a nation-state. During a panel discussion on the conference's first day, Carbon Black's Mike Viscuso emphasized the sheer size of the criminal underground at work in cyberspace. The underground cyber economy is now larger, he said, than the illicit drug trade. In fact, it's now a better-than-trillion-dollar industry. He thinks that as defenses get better (and they have been getting better) the criminals will cease playing the long game because the long game will no longer pay off. They'll increasingly turn to smash-and-grab attacks.
The CyberWire will have further coverage of the Summit later this week.
By the CyberWire staff
Sophos has released a report on MegaCortex, a new strain of ransomware it found last week. (Researchers pass on the feast of Belshazzar and allude instead to Morpheus from The Matrix.)
The Jerusalem Post says a joint Shin Bet-IDF operation prevented a Hamas cyberattack with an air attack on the Gaza headquarters of Hamas cyber operations. Forbes calls it a significant first: kinetic retaliation for (or preemption of) a cyber attack. But the operational reality is both more complex and more conventional. Israel and the Palestinian Sunni-Islamist militia have been engaged in active combat for the better part of a week, and it would probably be more accurate to regard Hamas cyber headquarters as one target in a larger air campaign, and the combat itself as war with a cyber dimension.
To see the airstrike as exclusively a response to a cyber threat is a stretch. Nor is it a first, as ZDNet hints, at least not internationally: the US killed ISIS hackers with drone strikes in 2015, as Defense Systems observed in contemporary accounts of American action against the Caliphate.
The US Federal Trade Commission's enforcement action against Facebook remains up in the air. It's likely to be severe, but the New York Times reports that the form such severity will take, especially the nature of the penalties (if any) to be directed against CEO Zuckerberg himself, is believed to remain the subject of partisan disagreement within the Commission. There's bipartisan skepticism of Big Tech, but disagreement over details.
Today's issue includes events affecting Albania, Australia, Belgium, Bulgaria, Canada, China, Czech Republic, Denmark, Estonia, European Union, Finland, France, Germany, Hungary, Israel, Italy, Japan, Republic of Korea, Latvia, Lithuania, Luxembourg, Malaysia, Malta, Mexico, Myanmar, Netherlands, New Zealand, Norway, Poland, Romania, Russia, Slovakia, Slovenia, Sri Lanka, Sweden, Switzerland, United Kingdom, United States.
Bring your own context.
When researchers talk about threats, and even give them names (we're particularly partial ourselves to animal names), are they talking about an organized set of individuals, or are they talking about an operational style? There's a case to be made that the latter is the way to understand threats.
"You know, it's nice when things fit in buckets in life, and I understand that everyone would like to have one bucket with all the bad things in it, but the reality is that's not how cybercrime works. Right? Attackers watch each other, they copy each other's methodologies, and they improve upon it. And what we see with Sea Turtle is really a distinct set of TTPs that's more advanced and much harder to detect than what we saw with the DNSpionage campaign." Craig Williams, Director of Talos Outreach at Cisco, speaking on the CyberWire's Research Saturday, 5.4.19.
So Sea Turtle might be better understood as a way of hacking than as a box in an org chart or a set of soldiers working under a single capo. ("TTPs," by the way, are "tactics, techniques, and procedures," which is how Fort Leavenworth talks about such ways of being in the world.)
Cybersecurity Impact Awards (Arlington, Virginia, United States, May 14, 2019) Winners of the Cybersecurity Impact Awards will be announced and recognized at the May 14, 2019 CYBERTACOS event. The event will start at 5:30 p.m. and the award presentation will begin at 6:00 p.m.! Join us afterwards for tacos and networking!
Cyber Investing Summit (New York City, New York, United States, May 16, 2019) The Cyber Investing Summit is a conference focused on financial opportunities and strategies in the cybersecurity sector. Join key decision makers, investors, and innovators to network, learn, and develop new partnerships May 16th in NYC. More information: www.cyberinvestingsummit.com.
Cyber Security Summits: May 16 in Dallas and in Seattle on June 25th (Dallas, Texas, United States, May 16 - June 25, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, U.S. Secret Service, Verizon, Center for Internet Security, and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today: www.CyberSummitUSA.com
Uniting Women in Cyber (Arlington, VA, United States, May 17, 2019) Join us as we celebrate the women in today’s cybersecurity ecosystem at the Uniting Women in Cyber Symposium on May 17, 2019! This full-day event features dynamic women speakers discussing the future of tech, cybersecurity and business. Network among 300–400 business and technical professionals and attend our awards reception recognizing women in tech and business.
DreamPort Event: Tech Talk Series: How DevOps and Automation Can Accelerate Warfighting Readiness (Columbia, Maryland, United States, June 19, 2019) Come hear NetApp's own DevOps journey and lessons learned and see how NetApp has equipped large enterprises to change fast and manage risk, with its deep integration with DevOps tools. In this interactive demonstration and discussion, NetApp will guide conversation towards a DevSecOps vision that can be realized immediately with capabilities that are available today to Defense Department developers.
DreamPort Event: RPE-006: The Defense at Pemberton Mill (Columbia, Maryland, United States, June 21, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM is hosting RPE-006: The Defense at Pemberton Mill. For this event, we'll be looking for solutions that monitor a fictitious network for vulnerabilities and detect attacks in progress. We want participants to bring solutions for monitoring both information technology (IT) and operational technology (OT) networks both in live (with network taps) and offline (PCAP) mode. This event is June 21.
Cyberwar: lessons from the Estonian experience. (The CyberWire) Estonia's Ambassador-at-large for Cyber Security shares lessons in resilience and deterrence, and stresses that they require domestically a whole-of-nation approach, internationally an effective coalition of the like-minded, and that they start with cooperative attribution.
SECURITY: Experts assess damage after first cyberattack on U.S. grid (E&E News) The U.S. power sector marked a sober milestone last week as an anonymous Western utility became the first to report a malicious "cyber event" disrupting grid operations. As details of the attack emerge, experts are divided about the long-term threat to electricity networks.
Warnings that 5G mobile tech could threaten 'entire societies' (ABC Radio) A major international cyber security conference, which drew together spies, diplomats and global cyber officials — but notably excluded China and Russia — has concluded that the functioning of entire societies could be put at risk from penetrations of the world's future 5G mobile phone network.
New MegaCortex Ransomware Found Targeting Business Networks (BleepingComputer) A new ransomware has been discovered called MegaCortex that is targeting corporate networks and the workstations on them. Once a network is penetrated, the attackers infect the entire network by distributing the ransomware using Windows domain controllers.
Developers at Microsoft's GitHub are being held to ransom (MSPoweruser) Microsoft’s open source development platform was last night targeted by hackers, who are demanding payment before they’ll return the hundreds of code sources they stole. The hackers wiped 392 code repositories, downloading and storing the source codes on their own server. “What is known is that the hacker removes all source code and recent commits …
Kaspersky expert on the enemy in your pocket: large-scale SIM swap fraud (Intelligent CIO) With mobile phone payments now hugely popular, cybercriminals have been targeting the market in a wave of attacks. With SIM swap fraud nowadays conducted on a large scale, Fabio Assolini, Senior Security Researcher, Global Research and Analysis Team, Kaspersky Lab, tells Intelligent CIO how cybercriminals complete the fraud and the best ways to avoid being the next victim.
How ‘deepfake’ videos are manipulating people online (TODAY.com) The so-called “deepfakes,” or fake videos altered to look incredibly real, are surfacing online by people determined to spread fake news, influence elections and create tensions. NBC’s Tom Costello investigates the terrifying technology for the 3rd hour of TODAY.
Middletown schools thwart malware attack (GreenwichTime) An end-of-year ransomware attack, which disabled access to critical business systems and applications for Middletown Public Schools, underscored the need to upgrade both perimeter and endpoint security recently.
Security Patches, Mitigations, and Software Updates
Fix for Tor Browser NoScript Addon Being Disabled (BleepingComputer) When Mozilla let their intermediate signing certificate expire, it not only affected addons in the normal Firefox browser, but also for ones bundled with Tor. This caused the NoScript and HTTPS-Everywhere addons to no longer work in the Tor browser.
Trump tweets support for far-right figures banned by Facebook (CNN) Facebook barred seven users from its services earlier this week, citing its policies against "dangerous individuals and organizations." Now President Donald Trump is siding with the people who were banned and railing against social media "censorship" -- all while using one of his favorite social sites.
Growing demand for cyberdefenders in Iowa, Nebraska (San Francisco Chronicle) The demand for cybersecurity experts has grown as crooks with computers hack their way into business, government and other networks. CyberSeek, a project funded by the U.S. Commerce Department, says nearly 4,600 people are working on cybersecurity in Nebraska and that there are openings for more than 2,000 workers.
Do We Need RFID-blocking Products? We Asked An Expert (Digital Trends) From smart wallets to smart clothing, RFID-blocking products are big business, but are you really at risk from identity theft or fraud via RFID skimming? And if you are, do these products really keep you safe? We investigated RFID-related crime and spoke to an expert to find out.
Xbox Community Standards | Xbox (Xbox.com) The gamertags, gamerpics, screenshots, game clips, and other posts you make on Xbox can be a great way to show off what’s meaningful to you. We encourage all players to be themselves and show off what they like, what makes them laugh, or what makes them amazing. But this sharing can’t come at the expense of other players’ positive experiences.
Baghdadi’s defiant message could cut both ways (Rudaw) The release of a video by the propaganda arm of the Islamic State (ISIS) group purportedly featuring its self-declared caliph has understandably fueled speculation over possible motives. A tacit acknowledgment of the group’s defeat in Syria in March by the man said to be Abu Bakr al-Baghdadi was offset, so to say, by his claim that the April 21 Easter bloodbath in Sri Lanka was “vengeance for their brothers in Baghouz”.
Prague 5G Security Conference (Government of the Czech Republic) An international expert conference on the security of 5G networks is going to be held at the Ministry of Foreign Affairs in Prague on May 2 and 3, 2019 under the auspices of Prime Minister Andrej Babiš. Dozens of experts on 5G networks and cyber security from the EU, NATO states and other countries will attend the conference.
Who dares to use Huawei? (South China Morning Post) The US has threatened to rethink connectivity and information sharing with any nation using Huawei equipment in any part of their 5G infrastructure. Washington first declared the company a…
The Strategist Six: Mike Rogers (The Strategist) Welcome to ‘The Strategist Six’, a feature that provides a glimpse into the thinking of prominent academics, government officials, military officers, reporters and interesting individuals from around the world. 1. It appears that the United ...
Sri Lanka expels 600 foreigners after Easter bombings (Deutsche Welle) Around 200 Islamic clerics were among the 600 foreigners expelled from Sri Lanka after deadly bombings on Easter Sunday. Extensive security measures have been taken as schools reopen. Tourism has effectively collapsed.
Huawei leak scandal: Theresa May sacking of ex defense secretary backfires (MercoPress) British Prime Minister Theresa May hoped firing her defense secretary over a leak would put her latest government scandal to rest. But it seems only to have unleashed yet another political storm for the PM, with members of her own party questioning her judgment and opponents demanding the police be called in.
Feds Bust Up Dark Web Hub Wall Street Market (KrebsOnSecurity) Federal investigators in the United States, Germany and the Netherlands announced today the arrest and charging of three German nationals and a Brazilian man as the alleged masterminds behind the Wall Street Market (WSM), one of the world’s largest dark web bazaars that allowed vendors to sell illegal drugs, counterfeit goods and malware.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Houston CyberSecurity Conference (Houston, Texas, USA, May 15, 2019) Join us to interact with CISOs & Senior Level Executives who have effectively mitigated the risk of Cyber Attacks. The keynote at Houston will be delivered by Damian Taylor, CISO Landry’s Inc, on "Hiding...
Kansas City CyberSecurity Conference (Kansas City, Missouri, USA, May 22, 2019) Join us to interact with CISOs & Senior Level Executives who have effectively mitigated the risk of Cyber Attacks. The keynote at Kansas City will be delivered by John Dickson, Principal, Denim Group Ltd,,...
San Diego Cyber Security Conference (San Diego, California, USA, June 5, 2019) Join us to interact with CISOs & Senior Level Executives who have effectively mitigated the risk of Cyber Attacks. In San Diego the keynote will be delivered by Darin Andersen, CEO/ Founder NXT Robotics,...
CyberNext Summit (Washington, DC, USA, October 8 - 10, 2019) Cybersecurity is shifting toward more distributed and dynamic models. Decentralized security infrastructure brings its challenges and opportunities. CyberNext Summit (#CNS19) 8-10 October, 2019 in Washington...
Borderless Cyber (Washington, DC, USA, October 8 - 10, 2019) OASIS Borderless Cyber and The Integrated Adaptive Cyber Defense (IACD)'s Integrated Cyber merge conferences this year to bring you a three-day program addressing advances in automation and autonomous...
Cybertech Midwest 2019 (Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
SecureWorld Kansas City (Kansas City, Missouri, USA, May 8, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
RiskSec 2019 (Philadelphia, Pennsylvania, USA, May 8, 2019) RiskSec 2019 will provide insights from thought leaders across various industries, focusing on the most significant issues that CISOs and other security professionals face every day. Learn about new approaches...
Digital Utilities Europe 2019 (London, England, UK, May 8 - 9, 2019) Following three successful editions of ACI’s Digital Utilities Europe Summit, the 4th edition will be taking place in London, United Kingdom on 8th-9th May 2019. The conference will bring together key...
Secutech 2019 (Taipei, Taiwan, May 8 - 10, 2019) As the largest regional business platform for professionals in the security, mobility, building automation and fire safety solution sectors, Secutech is the annual gathering place for key players from...