November 14, 2019.
By the CyberWire staff
Unrest in Hong Kong continues, as do lawfare and information operations waged from Beijing. The Internet Society has protested a ruling by the Hong Kong High Court that effectively criminalizes using the Internet for communications not in the government's interest. The proscribed communications are ones that, nominally, promote violence, but the ruling seems more expansive than that. It's also likely, the Internet Society believes, to exert a chilling effect on online communications, with attendant pressure on platforms to err on Beijing's side when they perform content moderation.
And, in the face of widespread takedowns of coordinated inauthenticity, Quartz reports that Beijing's line on Hong Kong is being circulated through an unlikely channel: Pornhub, which is exactly what its name suggests. Much of this activity seems the work of centrally inspired but independently operating patriotic actors.
Trend Micro describes renewed activity by APT33, the suspected Iranian threat group active against oil, gas, and defense targets.
Researchers at Intezer and IBM's X-Force describe a new ransomware strain, PureLocker, which attacks enterprise production servers. PureLocker, the researchers believe, is associated with the criminal groups Cobalt Gang and FIN6, who are thought to have obtained it on the black market from a malware-as-a-service provider.
Facebook's Community Standards Enforcement Report says the social network took down tens of millions of pages whose contents violated its community standards, proscribing terrorist inspiration, child exploitation, bullying, and incitement to suicide or self-harm, among other things. Facebook also offered examples of how it draws the line on impermissible content.
Today's issue includes events affecting Canada, China, European Union, France, India, Iran, Israel, Sri Lanka, Russia, United Kingdom, United States.
Bring your own context.
PKPLUG, and what the Chinese espionage campaign using it is up to.
"Once again, the elements of who was targeted were again related to the interests of the PRC, but didn't seem to be against other governments, that did have sort of an activist theme, though, targeting Uyghurs, the Turkic ethnic group that's largely in north, sort of, eastern China – excuse me, northwestern China. The themes that we were seeing around how they were tricking people into installing this on their Android phone were related to Uyghur messages, as well as we saw an element inside of the malware – it would only steal data from the phones basically when it saw that they had a prefix code on them that was the Chinese prefix code. So they weren't looking to target people outside of China. They were looking to target Uyghurs and they were using Islamic themes to identify them when sending these out, and then only trying to steal from their phones. Which is – this is a pretty significant jump from the kinds of activity that we'd seen in the past, but we were able to connect it through the infrastructure that was used, the infrastructure and some of the other tactics, to say that these were related attacks."
—Ryan Olson, vice president of threat intelligence for Palo Alto Networks and head of Unit 42 on the CyberWire's Research Saturday Podcast, 11.9.19.
Not all surveillance is directed against foreign adversaries.
And Hacking Humans is up. In this episode, "Skepticism is the first step," Joe shares stories of typo-squatting. Dave reminds us of warnings against responding to malicious email, even just for fun. The catch of the day is from a listener, leading on a romance scammer. Carole Theriault returns with an interview with Chris Olson from The Media Trust on how targeted advertising can enable election interference.
Cyber Security Summits: November 21 in Houston and December 5 in Los Angeles (Houston, Texas, United States, November 21, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The US Department of Homeland Security, The FBI, US Department of Justice, Verizon, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CPEs / CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com
WannaMine v4: Analysis & Remediation (CrowdStrike) This blog provides deep insight into the world of mineware through an in-depth discussion of one of the most notorious mineware variants, WannaMine v4.
More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting (TrendLabs Security Intelligence Blog) The threat group APT33 is known to target the oil and aviation industries aggressively. Our recent findings show that the group uses about a dozen live Command and Control (C&C) servers for extremely narrow targeted malware campaigns against organizations in the Middle East, the U.S., and Asia.
New ZombieLoad v2 Attack Affects Intel's Latest Cascade Lake CPUs (The Hacker News) ZombieLoad variant 2 of the side-channel MDS vulnerabilities affects the most recent Intel CPUs, including the latest Cascade Lake, which are otherwise resistant against attacks like Meltdown, Foreshadow and other MDS variants (RIDL and Fallout).
How much does it cost to launch a cyberattack? (CSO Online) Just like in regular business, cyber criminals have a cost of operation and a return on investment to worry about. Unfortunately, a new report from Deloitte has found the cost of committing cyber crime is incredibly low.
Education sector worst hit by cyber threats from July-Sept: Seqrite (The Economic Times) Targeting the education sector indicates a major shift in the sector-wise priorities amongst cybercriminals and underscores a willingness to exploit the weaker security infrastructures at educational institutions to create maximum disruption. Other industries that remain at high risk include manufacturing, BFSI, media and entertainment, and professional services.
Resignation at GitLab Highlights Concerns Over Corporate Espionage (Wall Street Journal) Candice Ciresi resigned from her position as director of global risk and compliance at the San Francisco-based software-development startup following a brouhaha that began last month over how the company handled client concerns about data privacy.
House panel mulls new election tech specs (FCW) The House Science, Space and Technology Committee will mark up new legislation Nov. 14 that would mandate new research into voting machine cybersecurity vulnerabilities and update the way the government certifies such equipment.
Report: Election vendors are 'prime targets,' need oversight (WHAM) The private companies that make voting equipment and build and maintain voter registration databases lack any meaningful federal oversight despite the crucial role they play in U.S. elections, leaving the nation's electoral process vulnerable to attack, according to a new report. The Brennan Center for Justice on Tuesday issued the report, which calls on Congress to establish a framework for federal certification of election vendors.
Internet Society Deeply Concerned about Interim Injunction Ordered by Hong Kong High Court (Internet Society) The Internet Society and the Internet Society Hong Kong Chapter are deeply concerned about the recent interim injunction (High Court Intended Action 202/2019) ordered by the Hong Kong High Court and the effects it might have on the operation of Internet infrastructure and online communications. The Internet Society is troubled by actions like this that …
U.S. demands for Facebook user data are at record levels (TechCrunch) Facebook’s latest transparency report is out. The social media giant said the number of government demands for user data increased by 16% to 128,617 demands during the first half of this year compared to the second half of last year. That’s the highest number of government demands it ha…
Orcus RAT Author Charged in Malware Scheme (KrebsOnSecurity) In July 2016, KrebsOnSecurity published a story identifying a Toronto man as the author of the Orcus RAT, a software product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. This week, Canadian authorities criminally charged him with orchestrating an international malware scheme.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Enfuse 2019 (Las Vegas, Nevada, USA, November 11 - 14, 2019) In a Zero Trust world, law enforcement, legal, and security professionals need to continuously augment and tune their skills. Join us at Enfuse 2019 to learn, teach, share and have fun while exploring...
SecureWorld Seattle (Seattle, Washington, USA, November 13 - 14, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
Time Machine 2019 (Austin, Texas, USA, November 13 - 14, 2019) At Time Machine, you will actively engage with real-world AI applications. Hear from leaders on the cutting edge of technology, government, industry, academia, and the arts, and uncover the roadmap for...
QuBit Cybersecurity Conference (Sofia, Bulgaria, November 14, 2019) QuBit is a Cybersecurity Community Event connecting the East and West and it is already the 6th year on the cybersecurity market in CEE region. Based on the success in Prague, QuBit expanded further and...
Orlando Cybersecurity Conference (Orlando, Florida, USA, November 14, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...