November 12, 2019.
By the CyberWire staff
North Korean cyber operations received renewed attention from both the US and India since late last week. US Cyber Command posted seven malware samples to VirusTotal. The malware is associated with Hidden Cobra (the Lazarus Group), and Cyber Command says they've been used for "fund generation and malicious cyber activities including remote access, beaconing, and malware command." Financial crime in particular has been characteristic of Pyongyang's cyber operations.
Reports continue to link North Korean cyber operators to recent incidents at India's Kudankulam nuclear power plant, CPO summarizes. What the Lazarus Group was after, assuming the attribution in the press holds up, remains unclear. As ZDNet pointed out two weeks ago, the operation could have been espionage, reconnaissance, staging, or simply collateral damage from some other campaign.
More curiously, ISRO, the Indian Space Research Organization, was also warned of a DTrack infestation, believed to be of North Korean origin, the Indian Express reports. The warning arrived during the space agency's Chandrayaan-2 lunar mission which failed when controllers lost contact with the spacecraft during its September 6th landing attempt.
BleepingComputer reports that the threat actor Microsoft tracks as "Platinum" is using a new, stealthy backdoor.
McAfee researchers note that Buran, a Russian-speaking gang offering a variant of VegaLocker ransomware, is competing in the ransomware-as-a-service market by cultivating customer relationships and offering competitive discounts.
SmarterASP sustained a ransomware attack late Sunday, posting status updates to its site and Facebook pages. The hosting service tweeted that its first priority is restoring its data servers.
Today's issue includes events affecting China, India, Indonesia, Israel, Democratic People's Republic of Korea, Republic of Korea, Malaysia, Russia, Saudi Arabia, South Africa, United Arab Emirates, United Kingdom, United States, and Vietnam.
Bring your own context.
Securing the supply chain involves attention to third-party, even fourth-party, maybe nth-party risk. How far down the supply chain do you go?
"It goes pretty far. I don't think it's the ability to kind of just be reliant on a questionnaire or a survey - is going to satisfy concerns or kind of the security risks that are present today. It's going to take actual baseline profiling of, you know, which IP addresses potential vendors are using in order to relay or have some sort of communications with your IT environment. It's going to be the exact sort of software that has to be downloaded, the versions that are being used, how software packages get updated. Those type of details are very important today in order to identify anomalous activity."
—Michael Sechrist, chief technologist at Booz Allen Hamilton, on the CyberWire Daily Podcast, 11.8.19.
Cyber Security Summits: November 21 in Houston and December 5 in Los Angeles (Houston, Texas, United States, November 21, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The US Department of Homeland Security, The FBI, US Department of Justice, Verizon, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day's attendance will earn you 6 CPEs / CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com
Cyber-attack against KNPP and ISRO: The threat comes home (ORF) It is now evident that both Kudankulam Nuclear Power Plant (KNPP) and the Indian Space Research Organisation (ISRO) were the target of a cyber-attack, or it could simply be an act of cyber espionage that originated in North Korea.
Beware! World's Most Notorious Hacking Group Launches New Backdoor (Fossbytes) Platinum, the infamous Advanced Persistent Threat (APT) group, has launched a new backdoor trojan named Titanium that has advanced capabilities of taking complete control over the target's PC. To evade security software, Titanium uses clever tricks like encryption, camouflaging as essential drivers, and delivering data steganographically in PNG images.
Scandal of scammers on Google (Times) Google is making tens of millions of pounds from scammers who are using its search engine to lure savers to invest in high-risk or potentially fraudulent schemes, a Times investigation has revealed.
Here's How Scammers Tried to Dupe Trend Micro Customers (PCMAG) We speak to a Trend Micro customer who says she tried to warn the security vendor about a breach that was later revealed to have been carried out by a rogue employee. But 'I didn't think Trend Micro was treating it seriously,' she says.
Jarrett: How safe is the U.S. power grid? (Casper Star-Tribune Online) At any one time, the United States uses more than 400,000 megawatts of electricity. That's a lot of power, and it takes a lot of nonstop work to keep it
Growing attacks using Accept-Charset exploit (Peerlyst) Juniper Threat Labs is seeing a growing attack on the Accept-Charset HTTP header. This request header allows the client to indicate what character sets, i.e., ISO-8859-1 or utf-8, are acceptable for the response.
Five emails you don't want in your inbox (Digital Forensics) Phishing attacks are the most common form of cyber attack. Why? The simplicity of email gives cyber criminals an easy route in, allowing them to reach users directly with no defensive barriers, to mislead, harvest credentials and spread malicious elements.
The future of spam is scary (IT PRO) AI, deepfakes and other tech could make spotting spam tougher, but spam fighters are using the same tools to keep our inboxes clean.
Holiday Shopping, Phishing, and Malware Scams (CISA) As this holiday season approaches, the Cybersecurity and Infrastructure Security Agency (CISA) encourages users to be aware of potential holiday scams and malicious cyber campaigns, particularly when browsing or shopping online. Cyber actors may send emails and ecards containing malicious links or attachments infected with malware or may send spoofed emails requesting support for fraudulent charities or causes. CISA encourages users to remain vigilant and take the following precautions:
Retailer Orvis.com Leaked Hundreds of Internal Passwords on Pastebin (KrebsOnSecurity) Orvis, a Vermont-based retailer that specializes in high-end fly fishing equipment and other sporting goods, leaked hundreds of internal passwords on Pastebin.com for several weeks last month, exposing credentials the company used to manage everything from firewalls and routers to administrator accounts and database servers, KrebsOnSecurity has learned.
QuikSilver and Billabong Affected by Ransomware Attack (BleepingComputer) Action sports giant Boardriders was hit by a ransomware attack that affected some of its subsidiaries, including QuikSilver and Billabong, and forced the company to shut down computing systems all over the world.
Experts Comments On Billabong And Quiksilver Hit By Cyber Attack (Information Security Buzz) It has been reported that hackers have launched a cyber-attack on the Billabong and Quiksilver websites. Boardriders Inc, the US company which owns Quiksilver and Billabong – both founded in Australia – was targeted by international hackers two weeks ago. Customers are still reporting problems while using the company's websites. The California-based company's international operations, IT systems, communications, sales and …
Your gift cards are a top target for scammers this holiday season (CNBC) Gift card fraud is becoming more and more common among financial scammers, according to security experts. While consumers are now primed to routinely check their credit card reports and statements for mysterious transactions, it isn't often the same for gift cards.
Security Patches, Mitigations, and Software Updates
2019 Payment Security Report (Verizon Enterprise) Read the 2019 Payment Security Report from Verizon Enterprise Solutions, which covers the efficacy of PCI security standards & data on creating compliance programs.
Security Predictions Reports (FireEye) Our annual Security Predictions report offers unique insights into what we can expect from attackers, victim organizations, security vendors and nation-states in the coming year.
Data Breach QuickView Report 2019 Q3 Trends (Risk Based Security) Our QuickView Report is sourced from our product Cyber Risk Analytics® and has garnered media attention from publications such as Forbes and USA Today.
Cyberspace operations contract for Navy won by Parsons (Military Embedded Systems) Parsons Corporation won its first task order under a potential Naval Information Warfare Center Pacific (NIWC Pacific) indefinite delivery/indefinite quantity, multiple award contract. The contract was originally announced by NIWC Pacific in May 2019.
Bugcrowd Paid Over $500K in Bug Bounties in One Week (BleepingComputer) Crowdsourced security company Bugcrowd announced today that it paid over $500K ($513,333) to 237 whitehat hackers in a single week for the first time since launching its bug bounty platform more than seven years ago.
Ability Inc. Announces Receipt of Delisting Notification Letter From Nasdaq (West) Ability Inc. (NASDAQ: ABIL) (the "Company"), a leading provider of innovative tactical communications intelligence solutions, today announced that on November 6, 2019, it received a determination letter (the "Letter") from The Nasdaq Stock Market LLC ("Nasdaq") indicating that it did not comply with the Listing Rule 5550(b) (the "Equity Rule") for continued listing on the Nasdaq Capital Market...
Products, Services, and Solutions
NSS Labs Announces 2019 Data Center Firewall / Security Gateway Group Test Results (NSS Labs, Inc.) Four of the industry's leading data center deep inspection firewall products were tested to compare product capabilities for security effectiveness (exploit block rate, evasion techniques, and stability & reliability), total cost of ownership (TCO), and performance: Cisco, Fortinet, Juniper Networks, and Palo Alto Networks.
Sensors and Sensibility (Stranded on Pylos) The most frustrating type of bad argument to refute are those which feature or rest upon a kernel of truth. In the worst, most-annoying scenario, one must deal with a counterparty that simply reass…
Security in the cloud: Facts vs fiction (Computing) There are anything from 13 billion to 21 billion smart devices online today. These estimates were presented by different speakers at a recent Westminster eForum...
When is the right time to red team? (Help Net Security) Learn about managing red teaming. The team needs to be equipped with skills that will enable them to match what genuine black hats can muster.
Tandon Students Organize World's Largest Cyber Security Competition (Washington Square News) Against a sullen gray background, a Tandon School of Engineering gymnasium was packed with colorful balloons and tables of excited competitors with eyes glued to their laptops, prepared to compete in the world's largest student-led cyber security contest: Tandon's annual Cyber Security Awareness Week.
Secure cyberspace to save civilisation (Times) A jargon jungle and alphabet soup await anyone navigating internet governance. The technology is baffling. So is the plethora of watchdogs, commissions and committees. But few things matter more.
A Framework for Election Vendor Oversight (Brennan Center for Justice) Private companies supply vital elements of America's election infrastructure but face almost no regulation. Federal standards are needed to ensure its security.
Administration Issues Plan for Notifying Public of Foreign Election Interference (Wall Street Journal) The Trump administration released a framework summary outlining when it intends to notify Congress, election officials and the public about foreign interference operations that target American elections, in an effort intended to ensure its process is applied consistently and without political considerations.
Statement on Sen. Wyden's Letter (Blog @ Voatz) While we have not been contacted by Senator Wyden or his office directly, we welcome any and all additional security audits by the Department of Defense and NSA regarding our platform…
Chhattisgarh CM forms panel to probe WhatsApp privacy breach (Hindustan Times) Several rights activists, lawyers, and journalists on October 1 said that they had been identified as targets of a phone hack aimed at snooping on them. It came a day after messaging services company WhatsApp went public with allegations against the NSO Group, which is known mostly as Pegasus, for having misused its platform to aid spying on around 1,400 people globally.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Enfuse 2019 (Las Vegas, Nevada, USA, November 11 - 14, 2019) In a Zero Trust world, law enforcement, legal, and security professionals need to continuously augment and tune their skills. Join us at Enfuse 2019 to learn, teach, share and have fun while exploring...
Cybersecurity for Small Businesses (Hazelton, Pennsylvania, USA, November 13, 2019) During the conference, attendees will learn how cybersecurity affects entrepreneurship, why small businesses are easy victims of cyberattacks, the impact of small business cyberattacks, and common security...
SecureWorld Seattle (Seattle, Washington, USA, November 13 - 14, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
Time Machine 2019 (Austin, Texas, USA, November 13 - 14, 2019) At Time Machine, you will actively engage with real-world AI applications. Hear from leaders on the cutting edge of technology, government, industry, academia, and the arts, and uncover the roadmap for...
QuBit Cybersecurity Conference (Sofia, Bulgaria, November 14, 2019) QuBit is a Cybersecurity Community Event connecting the East and West, and it is already in its 6th year on the cybersecurity market in the CEE region. Based on the success in Prague, QuBit expanded further and...