Get your copy of the definitive guide to threat intelligence.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
October 10, 2019.
By the CyberWire staff
Europol's 2019 Internet Organized Crime Threat Assessment is out. Ransomware remains the biggest criminal problem, and organized crime continues to defraud e-commerce and financial organizations. As gangs become more "audacious" and sophisticated; Europol wants to enhance its ability to investigate crimes touching the dark web and cryptocurrencies.
US NSA Director Nakasone said yesterday that the first priority of NSA's new Cybersecurity Directorate will be to shore up the defenses of the Defense Industrial Base (DIB), with particular attention paid to securing the companies in the DIB from intellectual property theft, MeriTalk reports.
A study of code snippets available in Stack Overflow confirms that quality control is a small but real problem. But apparently developers tend to think the propagation of such vulnerabilities is an acceptable cost when balanced against the benefits of fast coding and project completion.
A US Defense Intelligence Agency analyst has been charged with two counts of willful transmission of national defense information. The Government alleges that Henry Frese gave two reporters highly classified material. The Washington Post says Mr. Frese was interested in advancing the reporters' careers. One reporter worked for CNBC, the other for MSNBC.
China is enjoying some success suppressing expressions of support for Hong Kong protesters in Western corporate circles. Apple has removed a police-tracking app used by protesters, Quartz reports, and a bipartisan group of US Senators and Representatives thinks the NBA has joined Team Beijing. CyberScoop says NSA Director Nakasone yesterday accused China of "weaponizing information" with respect to Hong Kong.
Today's issue includes events affecting Australia, China, European Union, Germany, Netherlands, Russia, United Kingdom, United States, and Zimbabwe.
Bring your own context.
Should you be hit by ransomware (which heaven forfend) what should you do about it?
"The very first thing that is actually a little bit counterintuitive is to leave the ransomware alone, meaning don't delete the ransomware file that you double-clicked. Don't do anything with that. And the reason being is quite simple - to have a chance to get your files back, if we can't readily determine what kind of ransomware you got hit by, we will have to take a look at the actual file that you executed and that infected your system. If you deleted that file or if you got rid of it somehow, then that process becomes way, way more difficult because, in that case, we would have to try to find the ransomware file ourselves.... Now, the next step is you have to figure out kind of what kind of ransomware you got hit by. And don't trust the ransomware telling you its real name. There have been so many cases where there are copycats that try to imitate bigger and more professional campaigns. For example, like, one of the biggest ransomware campaigns was CryptoLocker, for example. There have been so many ransomware that had nothing to do with CryptoLocker that just pretended to be CryptoLocker. So don't trust anything the ransom note says. Don't trust anything the ransomware may display to you."
—Fabian Wosar of Emsisoft, on Hacking Humans, 10.10.19.
And then look for decryptors, but from security firms, not from the crooks. And, of course, take good care of your backups. You had those all along, right?
According to Coalfire’s latest report on FedRAMP, U.S. agencies spent $6.5B in cloud services in FY2018, an impressive 32 percent year-over-year increase, with the vast majority of Federal cloud migration still to come. SaaS/PaaS/IaaS providers can gain access to this market with significantly less investment in both time and cost by taking advantage of automation and recent FedRAMP program updates. Learn how.
ON THE PODCAST
In today's Daily Podcast, out later this afternoon, we speak with our partners at Dragos, as Robert M. Lee discusses the roles of regulations and incentives in securing the electrical grid. Our guest is Robb Reck from Ping Identity, sharing results from their CISO Advisory Council’s new research on securing customer identity.
See the current Hacking Humans for a discussion of ransomware, among other things. In this week's episode, "Don't trust the ransomware to tell you its real name," Joe describes online redirect scams, URL encoding and the clever combination of the two. Dave shares delightful satire about Russian brides and Nigerian princes, together at last. The catch of the day involves a student getting the best of scammers, getting them to send him money. Our guest is Fabian Wosar from Emsisoft, well-known for decrypting ransomware.
Cyber Security Summits: October 3 in NYC and October 17 in Scottsdale(New York City, New York, United States, October 3, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The U.S. Department of Justice, The FBI, Google, IBM, Darktrace, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com
Texas Cyber Summit Job Fair, October 10, San Antonio.(San Antonio, Texas, United States, October 10, 2019) Cleared and non-cleared cybersecurity pros make your next career move at the free Texas Cyber Summit Job Fair, October 10 in San Antonio. Meet face-to-face with leading cyber employers. Visit ClearedJobs.Net or CyberSecJobs.com for more details.
The 6th Annual Journal of Law and Cyber Warfare Symposium(New York, NY, United States, October 17, 2019) The 6th Annual Cyber Warfare Symposium features discussions around emerging cybersecurity issues, focusing on cyber warfare and how companies can respond to cyber-attacks. Use discount code CyberWire50 for 50% off. Email firstname.lastname@example.org for a chance to receive a complimentary ticket.
IMAGINE, A MISI salon-style bespoke dinner event(Columbia, Maryland, United States, November 1, 2019) IMAGINE a world where more young women can see themselves in the faces of the legendary women of science & technology – and say, "Yes I can!" The event on November 1 is a fundraiser in support of the region's unique and inclusive STEM program and will be held at the DreamPort Facility in Columbia Maryland. While its focus is on the under-represented young women, young men are also included in MISI's STEM programs.
NXTWORK 2019(Las Vegas, Nevada, United States, November 11 - 13, 2019) Join us at NXTWORK 2019 to learn, share, and collaborate with GameChangers from companies across the networking industry. This year’s event features keynotes from Juniper executives, as well as special guest speaker Earvin “Magic” Johnson, along with 40+ breakouts and master classes led by Distinguished Engineers, as well as various opportunities for certification testing and training.
European risk report flags 5G security challenges(TechCrunch) European Union Member States have published a joint risk assessment report into 5G technology which highlights increased security risks that will require a new approach to securing telecoms infrastructure. The EU has so far resisted pressure from the U.S. to boycott Chinese tech giant Huawei as a 5…
Dutch website hack reveals data of 250,000 sex workers' clients: report(Netherlands Times) The account details of the 250 thousand users of Dutch website Hookers.nl have leaked out after a vulnerability on the website was exploited. A hacker captured the members' data and is offering it for sale, NOS reports based on its own research after an anonymous tip. The website is popular among clients of sex workers, who exchange tips, reviews and experiences in the sex industry. The problem extends beyond clients of sex workers. Sex workers themselves are also active on the website. They also may want to not be known as a sex worker with their real names.
2019 Healthcare Industry Report on Cyberattacks Released(Proofpoint US) Few industries can claim a mission more critical, data more sensitive, or operations more complex than healthcare. Unfortunately, these characteristics mean healthcare companies are challenging to protect. Cyberattacks expose personal health data. Ransomware shuts down emergency rooms. Fraudulent emails defraud business associates, patients, and clinical staff. These threats hurt the healthcare industry’s ability to care for patients.
Research: SMB Cyberattacks Spike, Getting More Sophisticated(Channel Partners) Attacks against U.S., U.K. and European businesses are growing in both frequency and sophistication, and nearly half of the survey respondents described their organization’s IT security as ineffective, with 39% reporting they have no incident response plan in place.
Berlin-based EMnify snags €8 million Series A for IoT security SaaS(Tech.eu) EMnify, a German startup based in Berlin and Würzburg, announced its existing investors have funded an €8 million Series A round to help scale the company’s unique Internet of Things cloud technology. EMnify provides a SaaS product that allows users to securely operate IoT data networks around the world. In fact, the company claims to …
Artificial Intelligence Startup SparkCognition Raises $100 Million in Additional Funding(SiliconHills) SparkCognition announced Tuesday that it has raised $100 million in additional VC funding. March Capital Partners led the Series C round. To date, the Austin-based startup, founded in 2013, has raised $175 million. “In a short few years, SparkCognition has proven itself to be one of the leading industrial AI companies in the world,” Sumant …
Nerds on Site Launches CyberSecurity Incident Response(Yahoo) Nerds On Site Inc. ("NERDS" or the "Company") (NERD.CN) (3NS.F) (OTCQB: NOSUF), a mobile IT solutions company servicing the SME marketplace, launches its CyberSecurity Incident Response, designed to address cyberattacks with minimal damage, recovery
Kentucky Cybersecurity Program Receives National Accolade(Government Technology) Owensboro Community & Technical College's computer and IT program has been named a National Center of Academic Excellence in Cyberdefense Education by the National Security Agency and the Department of Homeland Security.
Trump Green-Lights Some Sales to Huawei(New York Times) The administration plans to issue licenses allowing some American companies to sell nonsensitive products to Huawei, despite its placement on a U.S. blacklist.
NSA Chief: DIB is New Cybersecurity Directorate’s First Focus(MeriTalk) Army Gen. Paul Nakasone – who heads both the National Security Agency and U.S. Cyber Command – said today that the first focus of NSA’s recently launched Cybersecurity Directorate will be to shore up protection of companies that make up the nation’s Defense Industrial Base (DIB), and specifically to prevent the theft of intellectual property from DIB companies.
Exclusive: DHS seeks subpoena powers to identify vulnerable systems(TechCrunch) Homeland Security’s cybersecurity division is pushing to change the law that would allow it to demand information from internet providers that would identify the owners of vulnerable systems, TechCrunch has learned. Sources familiar with the proposal say the Cybersecurity and Infrastructure S…
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
CyberForce(College Park, Maryland, USA, November 7, 2019) A gathering of government and industry to bridge the managerial, operational, and technical skills gap of today's cybersecurity workforce.
Insider Threat Program Development & Management Training(College Park, Maryland, USA, December 3 - 4, 2019) The Insider Threat Defense Group will hold its highly sought after and very affordable Insider Threat Program (ITP) Development & Management Course, at the University of Maryland College Park Campus.
CyberNext Summit(Washington, DC, USA, October 8 - 10, 2019) Cybersecurity is shifting toward more distributed and dynamic models. Decentralized security infrastructure brings its challenges and opportunities. CyberNext Summit (#CNS19) 8-10 October, 2019 in Washington...
Borderless Cyber(Washington, DC, USA, October 8 - 10, 2019) OASIS Borderless Cyber and The Integrated Adaptive Cyber Defense (IACD)'s Integrated Cyber merge conferences this year to bring you a three-day program addressing advances in automation and autonomous...
SecureWorld Dallas(Dallas, Texas, USA, October 9 - 10, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
Jacksonville Cybersecurity Conference(Jacksonville, Florida, USA, October 10, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
driving.digital Conference 2019(Nitra, Slovakia, October 14 - 15, 2019) An international program conference focused on cyber security in the automotive industry and mobility. Conference themes will address the topic of stability of digital solutions in the automotive and mobility...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.