October 16, 2019.
By the CyberWire staff
Reuters reports that the US retaliated for Iranian kinetic strikes against Saudi oil facilities with cyberattacks against Iranian information operators.
China's Comac C919 airliner was built from industrial espionage, a report from CrowdStrike concludes. The complex operation was the work of Turbine Panda, a unit of the MSS Jiangsu Bureau, the Chinese intelligence service widely believed responsible for the 2015 breach of the US Office of Personnel Management. The campaign on behalf of Comac was long-running, patient, and multi-faceted, encompassing "forced technology transfer, joint ventures, physical theft of intellectual property from insiders, and cyber-enabled espionage."
The C919 sports subsystems derived from the Franco-American CFM Leap-1 engine, and from suppliers that include Aircelle, Michelin, Honeywell, Liebherr, Parker Aerospace, GE, Rockwell Collins, Eaton, Crane AE, and Kidde. French, German, British, and especially American companies are among the involuntary contributors to the program.
Digital Shadows warns that typosquatting will prove a widespread and probably effective influence tactic in the 2020 US elections.
Flashpoint looks into the criminal-to-criminal market's pricing structure.
Pitney Bowes recovers from its ransomware infestation.
Wichita attorney Brad "the Bull" Pistotnik has taken a guilty plea to three counts of being an accessory after the fact to "making an extortionate threat over the Internet," the Wichita Eagle reports. The misdemeanors will earn him no jail time, but he will pay a $375,000 fine and $55,200 in restitution. The incident arose from Mr. Pistotnik's retention of reputation management services that allegedly threatened sites that had posted discreditable material about the accident attorney.
Today's issue includes events affecting Australia, China, Estonia, France, Germany, Iran, Israel, Democratic People's Republic of Korea, Kuwait, Saudi Arabia, Sweden, United Arab Emirates, United Kingdom, United States.
Bring your own context.
We inevitably deal with a lot of bad news around here. It's worth remembering that there's a good-news/bad-news asymmetry.
"Again, the goal is not to assign a blame, right? It's not a news story if you're preventing a breach for, like, 10 years in a row. But the one day that you slip up - right? - it's a major headline. So it's really asymmetrical. It's a hard problem. But in spite of that, there is a very, very valuable learning opportunity that we're not capitalizing on right now."
—Kumar Saurabh, co-founder and CEO of LogicHub, on the CyberWire Daily Podcast, 10.11.19.
It's tough to take your lumps, but it's important to learn and move on. Have a good after-action review.
The 6th Annual Journal of Law and Cyber Warfare Symposium (New York, NY, United States, October 17, 2019) The 6th Annual Cyber Warfare Symposium features discussions around emerging cybersecurity issues, focusing on cyber warfare and how companies can respond to cyber-attacks. Use discount code CyberWire50 for 50% off. Email email@example.com for a chance to receive a complimentary ticket.
Industrial Control Systems (ICS) Cyber Security Conference (Atlanta, Georgia, United States, October 21 - 24, 2019) SecurityWeek’s ICS Cyber Security Conference is the conference where ICS users, ICS vendors, system security providers and government representatives meet to discuss the latest cyber-incidents, analyze their causes and cooperate on solutions. Since its first edition in 2002, the conference has attracted a continually rising interest as both the stakes of critical infrastructure protection and the distinctiveness of securing ICSs become increasingly apparent.
Georgetown University Programs in Cybersecurity Webinar (Online, October 29, 2019) We invite you to learn more about the Master's and Graduate Certificate in Cybersecurity Risk Management at Georgetown University. Our programs prepare you with hands-on practice developing and executing integrated strategies, policies, and safeguards to manage cybersecurity risks across an enterprise. Register for a free webinar on October 29 at noon ET to learn more.
IMAGINE, A MISI salon-style bespoke dinner event (Columbia, Maryland, United States, November 1, 2019) IMAGINE a world where more young women can see themselves in the faces of the legendary women of science & technology – and say, "Yes I can!" The event on November 1 is a fundraiser in support of the region's unique and inclusive STEM program and will be held at the DreamPort Facility in Columbia, Maryland. While its focus is on the under-represented young women, young men are also included in MISI's STEM programs.
NXTWORK 2019 (Las Vegas, Nevada, United States, November 11 - 13, 2019) Join us at NXTWORK 2019 to learn, share, and collaborate with GameChangers from companies across the networking industry. This year’s event features keynotes from Juniper executives, as well as special guest speaker Earvin “Magic” Johnson, along with 40+ breakouts and master classes led by Distinguished Engineers, as well as various opportunities for certification testing and training.
“BriansClub” Hack Rescues 26M Stolen Cards (KrebsOnSecurity) “BriansClub,” one of the largest underground stores for buying stolen credit card data, has itself been hacked. The data stolen from BriansClub encompasses more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past four years, including almost eight million records uploaded to the shop in 2019 alone.
The Growing Risk of a Major Satellite Cyber Attack (Via Satellite) The third iteration of CyberSat begins in November, where members of the satellite, end user, and cyber communities will get together to discuss the threat landscape and vectors for a cybersecurity attack on satellites. We talk to some of the experts of the CyberSat advisory board about major threats to the sector.
Illicit Cryptomining Threat Actor Rocke Changes Tactics, Now More Difficult to Detect (Anomali) Rocke, a China-based cryptomining threat actor, has changed its Command and Control (C2) infrastructure away from Pastebin to a self-hosted solution during the summer of 2019. The setup scripts were hosted on the domains “lsd.systemten[.]org” and “update.systemten[.]org” as pastes. In September 2019, the actor moved away from hosting the scripts on dedicated servers and instead started to use Domain Name System (DNS) text records. These records are accessed via...
Hackers Impersonating Other Hacker Types (Security Boulevard) State-sponsored hackers and other threat actors are impersonating each other in an attempt to evade detection, according to a recent report.
Vulnerability Summary for the Week of October 7, 2019 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Typosquatting and the 2020 U.S. Presidential election (Digital Shadows) Photon Research Team thought it would be interesting to use this pool of candidates as a backdrop for research into typosquatted domains; following the 2016 presidential election, it was a fair bet we would find some interesting tidbits using our SearchLight™ platform.
SyncDog Partners with KoolSpan (Financial News) SyncDog Inc., the Independent Software Vendor (ISV) for next generation mobile security and data loss prevention, has announced their partnership with KoolSpan, the provider of encrypted secure voice and messaging solutions for smartphones, the company said.
Big Game Phishing (Cooley) On October 2, 2019, the FBI issued a Public Service Announcement to alert US businesses and organizations to plan and prepare for what are being described as high-impact ransomware events. Certain …
Creating a Unified Continuous Monitoring Cybersecurity Taxonomy: Gaining Ground by Saying What’s What (Shared Assessments) Continuous monitoring is a rapidly expanding field where a common taxonomy is key to setting expectations in the field and a consistent understanding around continuous monitoring practices. To resolve this problem, the Shared Assessments Program Continuous Monitoring Taxonomy subgroup is proposing a common taxonomy that categorizes the types of alert information that can be selected to be monitored.
Here’s what the Army’s cyber protection teams need (Fifth Domain) Col. Chad Harris, project manager for Defensive Cyber Operations at the Army Program Executive Office Enterprise Information Systems, shared what his teams are looking for in the new tools that it adds.
Appeasing the Oasis of Unknown: Shadow IT Discovery (Security Boulevard) In a sea of millions of apps, which one is the biggest fish to fry? Firewall and proxy logs catch the traffic of users, but identifying what needs attention in such comprehensive logs can be overwhelming. Shadow IT discovery offers the ability to narrow down the search to apps that should be more closely monitored and controlled.
Where it all went wrong for Facebook’s Libra (Silicon Valley Business Journal) Facebook was blindsided this month when seven of the high-profile companies involved in its digital currency project, including eBay, PayPal, Visa and Mastercard, stepped back, leaving its future hanging in the balance.
Facebook should ban campaign ads. End the lies. (TechCrunch) Permitting falsehood in political advertising would work if we had a model democracy, but we don’t. Not only are candidates dishonest, but voters aren’t educated, and the media isn’t objective. And now, hyperlinks turn lies into donations and donations into louder lies. The checks don’t balance. Wh…
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
AdvaMed Cybersecurity Summit (Arlington, Virginia, USA, November 6, 2019) The AdvaMed Cybersecurity Summit brings together experts across the device security spectrum. Experts will provide in-depth and timely updates on the state of medical device cybersecurity, including issues...
Health Data Stewardship & Privacy Summit (Arlington, Virginia, USA, November 7, 2019) AdvaMed’s inaugural Health Data Stewardship & Privacy Summit will bring together leading experts and health care industry stakeholders to explore the current data privacy landscape and forecast what may...
CISO Leadership Forum (Austin, Texas, USA, December 4 - 5, 2019) Forget the typical conference, which may or may not focus on the latest industry buzz, vendor specific pitches or trendy new development. Our learning sessions are vendor agnostic only as we focus on peer-to-peer...
SecureWorld Twin Cities (Minneapolis, Minnesota, USA, October 16, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
7th Annual Cyber Resilience Summit (Arlington, Virginia, USA, October 16, 2019) As the journey to secure our nation’s IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing...
Cyber Hygiene: Why the Fundamentals Matter (Online, Software Engineering Institute at Carnegie Mellon University, October 16, 2019) In this webcast, as a part of National Cybersecurity Awareness Month, our experts will provide an overview of the concept of cyber hygiene, which bears an analogy to the concept of hygiene in the medical...
EXCHANGE 2019 (New York, New York, USA, October 16 - 17, 2019) BitSight presents EXCHANGE 2019, The Intersection of Business and Cyber Risk, an event for security and risk professionals to navigate the demands of today's dynamic cyber risk landscape. During this two-day...
6th Annual Cyber Warfare Symposium (New York, New York, USA, October 17, 2019) This unique, one-day event will bring together distinguished thought leaders and cybersecurity and cyber warfare experts from across the industry for a day of collaboration and education. The Symposium...