Get your copy of the definitive guide to threat intelligence.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
October 7, 2019.
By the CyberWire staff
At the end of last week Microsoft warned that a threat group it calls "Phosphorus" (and that others call Charming Kitten or APT35) is already actively working to affect the 2020 US Presidential election. Phosphorus is Iranian, and "linked to the Iranian government." The principal target appears, Reuters reports, to be President Trump's campaign, and the activity seems to be in its reconnaissance phase. The threat actor's targets are not exclusively campaign operations: journalists, government officials, and Iranian expatriates are also of interest to Phosphorus.
Teiss reports that a cybercriminal going by the nom-de-hack of X4crow is auctioning what he, she, or they claim is a 16GB SQL database holding personal information on about ninety-two million Brazilian citizens. The data are the usual identity theft gold: names, dates of birth, taxpayer IDs, gender, and mother's names.
Prince Harry is suing the News Group Newspapers and MGN Ltd., alleging, the Guardian reports, phone hacking that invaded his privacy. The Duke of Sussex is claiming damages from an old incident: the tabloids are said to have hacked royal phones between 1994 and 2011. The New York Times published a wrap-up of the incident nine years ago.
The Tuscaloosa Post says the DCH Health System unlocked ransomware-encrypted files by paying the extortionists.
Thales and Verint have published a taxonomy of some of the more prominent threat actors.
Today's issue includes events affecting Australia, Brazil, Cambodia, Canada, China, India, Iran, Ireland, Malaysia, Myanmar, New Zealand, Philippines, Qatar, Russia, Thailand, Ukraine, United Kingdom, United Nations, United States.
Bring your own context.
Threat hunting: a brief guide for the perplexed.
"So threat hunting is looking for adversaries that are already present within your network or your endpoints. Enterprises today are spending money on things like antivirus and firewalls and intrusion detection and prevention systems for their network. But what do you do if any of that fails? It really only takes a couple of systems for an adversary to move around or to subvert, and then they're in and persistent within your environment. And so what threat hunting is, is the constant and continuous searching for ... the anomalous. So it's looking for things that don't smell quite right, but it could be a new patch that has changed that registry key or a new program has shown up because someone installed it, or looking at things like the suspicious - things like, perhaps this registry key was added with this new potentially unwanted program, or the suspicious being someone logging in directly into a Linux system using a root login instead of logging in as the user and then becoming superuser. So threat hunting is really looking for the things that are misplaced or shouldn't be there."
—Justin Harvey, Global Incident Response Leader at Accenture, on the CyberWire Daily Podcast, 10.4.19.
If it doesn't look right, well, "Доверяй, но проверяй" ("trust, but verify"), as the kids say.
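One concrete hunt of the kind Harvey describes, written here as an added example (it is not code from the podcast or from the CyberWire): scan sshd auth log lines for sessions opened directly as root, while leaving the expected "log in as a user, then sudo or su" pattern alone. The log lines, hostname and the allow-list of sources permitted to log in as root are all constructed for the example.

```python
import re

# Constructed sample auth log lines for the example; not from any real host.
SAMPLE_AUTH_LOG = """\
Oct  4 08:01:12 web01 sshd[2112]: Accepted publickey for alice from 10.0.0.5 port 51022 ssh2: RSA SHA256:abc
Oct  4 08:01:20 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Oct  4 08:05:43 web01 sshd[2150]: Accepted password for root from 203.0.113.9 port 40211 ssh2
Oct  4 08:06:01 web01 su: (to root) bob on pts/1
Oct  4 08:07:15 web01 sshd[2170]: Accepted publickey for root from 10.0.0.7 port 50100 ssh2: ED25519 SHA256:def
Oct  4 08:09:00 web01 sshd[2190]: Failed password for root from 198.51.100.4 port 2222 ssh2
"""

# Matches only successful sshd logins; failed attempts and sudo/su lines do not match.
ACCEPTED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<src>\S+)"
)


def hunt_direct_root_logins(log_text, allowed_root_sources=frozenset()):
    """Return one finding per SSH session that was opened directly as root.

    The baseline on the hosts being hunted over is that people log in as a
    named user and then escalate with sudo or su; those lines are not flagged,
    so the hunter can correlate them later. A direct root session from a source
    outside the allow-list is anomalous, and a password-based root login is
    flagged whatever the source, since keys are the expected method.
    """
    findings = []
    for line in log_text.splitlines():
        m = ACCEPTED_RE.match(line)
        if not m or m["user"] != "root":
            continue
        if m["method"] == "password":
            reason = "password login as root"
        elif m["src"] not in allowed_root_sources:
            reason = "direct root login from unexpected source"
        else:
            continue  # key-based root login from an allow-listed source
        findings.append({"ts": m["ts"], "host": m["host"], "src": m["src"],
                         "method": m["method"], "reason": reason})
    return findings


if __name__ == "__main__":
    for f in hunt_direct_root_logins(SAMPLE_AUTH_LOG, {"10.0.0.7"}):
        print(f"{f['ts']} {f['host']} root from {f['src']} ({f['method']}): {f['reason']}")
```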
According to Coalfire’s latest report on FedRAMP, U.S. agencies spent $6.5B in cloud services in FY2018, an impressive 32 percent year-over-year increase, with the vast majority of Federal cloud migration still to come. SaaS/PaaS/IaaS providers can gain access to this market with significantly less investment in both time and cost by taking advantage of automation and recent FedRAMP program updates. Learn how.
Cyber Security Summits: October 3 in NYC and October 17 in Scottsdale (New York City, New York, United States, October 3, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The U.S. Department of Justice, The FBI, Google, IBM, Darktrace, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com
Texas Cyber Summit Job Fair, October 10, San Antonio (San Antonio, Texas, United States, October 10, 2019) Cleared and non-cleared cybersecurity pros make your next career move at the free Texas Cyber Summit Job Fair, October 10 in San Antonio. Meet face-to-face with leading cyber employers. Visit ClearedJobs.Net or CyberSecJobs.com for more details.
The 6th Annual Journal of Law and Cyber Warfare Symposium (New York, NY, United States, October 17, 2019) The 6th Annual Cyber Warfare Symposium features discussions around emerging cybersecurity issues, focusing on cyber warfare and how companies can respond to cyber-attacks. Use discount code CyberWire50 for 50% off. Email email@example.com for a chance to receive a complimentary ticket.
NXTWORK 2019 (Las Vegas, Nevada, United States, November 11 - 13, 2019) Join us at NXTWORK 2019 to learn, share, and collaborate with GameChangers from companies across the networking industry. This year’s event features keynotes from Juniper executives, as well as special guest speaker Earvin “Magic” Johnson, along with 40+ breakouts and master classes led by Distinguished Engineers, as well as various opportunities for certification testing and training.
No one could prevent another ‘WannaCry-style’ attack, says DHS official (TechCrunch) The U.S. government may not be able to prevent another global cyberattack like WannaCry, a senior cybersecurity official has said. Jeanette Manfra, the assistant director for cybersecurity for Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), said on stage at TechCr…
Windows 10 KB4524147 Update May Cause Boot and Printing Issues (BleepingComputer) Windows 10 1903 users have started reporting boot, printing, and Start Menu issues after installing the KB4524147 cumulative update that go away once the update is uninstalled. Microsoft has not acknowledged any of these issues as of yet, but the number of reports indicates that there is something going on with this update.
HildaCrypt Ransomware Developer Releases Decryption Keys (BleepingComputer) The developer behind the HildaCrypt Ransomware has decided to release the ransomware's private decryption keys. With these keys a decryptor can be made that would allow any potential victims to recover their files for free.
Report: Alabama hospitals pay hackers in ransomware attack (WHNT) An Alabama hospital system that quit accepting new patients after a ransomware attack said Saturday it had gotten a key to unlock its computer systems.
A statement from DCH Health Systems didn't say how the three-hospital system got the information needed to unlock its data. But The Tuscaloosa News quoted spokesman Brad Fisher as saying the hospital system paid the attackers.
Cyber attack hits Bonjour-Santé (Montreal Gazette) The private Quebec medical-booking service that promises quick appointments was the victim of a cyber attack on Sunday, its president said.
Prepare for the Deepfake Era of Web Video (Wired) “We’re going to get more and more of this content and it’s probably going to get of better quality,” says Sam Gregory of the human-rights nonprofit Witness.
Reducing risk by increasing visibility (The CyberWire) When defending power production and distribution, visibility is the essential first step. Defenders must see everything, from ICS sensors to business systems.
Siemens-Ponemon Study: Cyber attacks on power utilities are growing in numbers, complexity (Power Engineering) The cybersecurity risks to critical power infrastructure seem to be worsening, as a new study indicates that 56 percent of respondents reported their companies suffered one or more shutdowns or loss of operational data per year. The joint report by Siemens and the Ponemon Institute assesses the growing threats as utility business models connect operational...
Hiring security pros will cut cyberattack impact cost: Study (Outlook) Enterprises which deployed an internal Security Operation Center (SOC) have been able to reduce the financial damage from a cyberattack to $675,000 -- less than half the average impact cost for all enterprise-level organizations at $1.41 million, a new survey from Kaspersky and market research firm B2B International has revealed.
Taiwan flag emoji disappears from latest Apple iPhone keyboard (Hong Kong Free Press HKFP) The Republic of China flag emoji has disappeared from Apple iPhone’s keyboard for Hong Kong and Macau users. The change happened for users who updated their phones to the latest operating system. Updating iPhones to iOS 13.1.1 or above caused the flag emoji to disappear from the emoji keyboard. The flag, commonly used by users to …
FBI Okays Paying in a Ransomware Attack (Decipher) The FBI does not advocate paying a ransom because there’s no guarantee the organization will get the data back, but acknowledged in an updated guidance that sometimes, for some organizations, paying the ransom makes a lot of sense.
Top Ten Finalists Named In Governor's High School Cyber Challenge (MITechNews) Round 1 of the Governor’s High School Cyber Challenge has closed. The top 10 teams named this week now move on to Round 2 to be hosted during the North American International Cyber Summit Oct. 28 at the TCF Center. The Governor’s High School Cyber Challenge is designed to test students’ knowledge …
Myanmar to Keep Huawei Despite Security Concerns (VOA) Myanmar has decided to keep using China’s Huawei to develop its new mobile communications system. The decision comes despite national security concerns about Huawei by the United States and some other nations.
Qatar seeks enhanced international cooperation in combating cyber crimes (The Peninsula Qatar) The State of Qatar has said that it is actively seeking to enhance information security within the country and to encourage international cooperation in combating cybercrime, noting that it was a victim of cyber-piracy, which was a cover for creating a plotted regional crisis that has severely harmed regional and international security and stability.
Prince Harry sues newspapers over hacking claims (Times) The Duke of Sussex has raised the prospect of appearing in the witness box at the High Court as it emerged that he is suing two newspaper groups over the alleged hacking of his mobile phone. Court...
Risk & Repeat: Trump takes aim at DNC hack and CrowdStrike (TechTarget) This Risk & Repeat podcast looks at how a conversation between President Trump and Ukraine President Volodymyr Zelensky, in which Trump asked for assistance in finding 'the server,' has sparked controversy once again around the DNC hack and CrowdStrike.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Cyber Hygiene: Why the Fundamentals Matter (Online, Software Engineering Institute at Carnegie Mellon University, October 16, 2019) In this webcast, as a part of National Cybersecurity Awareness Month, our experts will provide an overview of the concept of cyber hygiene, which bears an analogy to the concept of hygiene in the medical...
Australian Cyber Conference 2019 (Melbourne, Victoria, Australia, October 7 - 9, 2019) The Australian Information Security Association (AISA) is the premier industry body for information security professionals in Australia. As a nationally recognised not-for-profit organisation, AISA champions...
CyberNext Summit (Washington, DC, USA, October 8 - 10, 2019) Cybersecurity is shifting toward more distributed and dynamic models. Decentralized security infrastructure brings its challenges and opportunities. CyberNext Summit (#CNS19) 8-10 October, 2019 in Washington...
Borderless Cyber (Washington, DC, USA, October 8 - 10, 2019) OASIS Borderless Cyber and The Integrated Adaptive Cyber Defense (IACD)'s Integrated Cyber merge conferences this year to bring you a three-day program addressing advances in automation and autonomous...
SecureWorld Dallas (Dallas, Texas, USA, October 9 - 10, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
Jacksonville Cybersecurity Conference (Jacksonville, Florida, USA, October 10, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.