October 17, 2019.
By the CyberWire staff
Cozy Bear, Fancy's quieter cousin, is back, or, as ESET puts it in a study released this morning, Cozy never really left. "Operation Ghost" was discreetly successful in penetrating and collecting against a number of European diplomatic targets, including at least one country's Washington embassy. Cozy Bear, which ESET calls "the Dukes," and others "APT29," is probably a unit of Russia's SVR foreign intelligence service, although the FSB is also sometimes associated with the group. Operation Ghost was characterized by patient determination and careful use of steganography. Cozy Bear came to widespread attention when its tracks were detected in the US Democratic National Committee during 2016. (Fancy Bear noisily blew the gaff for both groups.)
Nothing new on that US cyberattack against Iranian propaganda capabilities, beyond a response from Iran's Minister of Communications and Information Technology, Mohammad Javad Azari-Jahromi, which Ars Technica dutifully records: it never happened, "[the Americans] must have dreamed it."
Palo Alto Networks yesterday described the Graboid worm, a cryptojacker that infests unsecured Docker hosts, about two thousand of which the researchers came across in the course of their work. Palo Alto sniffs that Graboid (whose name is a well-chosen homage to the horror classic Tremors) may be capable of short bursts of speed, but overall is "relatively inept." Unsurprisingly, Graboid exploits improperly configured hosts.
BlackBerry Cylance has discovered malicious code that evades detection by hiding in WAV audio files. The payload is often an XMRig Monero miner.
An international dragnet took down hundreds of online pornographers.
Today's issue includes events affecting Australia, Brazil, Canada, China, Czech Republic, European Union, Germany, Iran, Ireland, Republic of Korea, Russia, Saudi Arabia, Spain, Syria, Turkey, United Arab Emirates, United Kingdom, United States.
Bring your own context.
A recent look at 2,300 systems that store medical images using the DICOM protocol found that 590 of them, about a quarter of those checked, were unprotected and connected to the internet. Were there personal data exposed?
"Yes, there were. We've seen names, date of birth, date of examination, reasons for examinations. We have had access to images related to that exam. Sometimes the patient data was sort of identified by Social Security numbers. There was lots of personal identifiable information in it, yes."
—Dirk Schrader, cyber resilience architect at Greenbone Networks, on the CyberWire Daily Podcast, 10.15.19.
Not a healthy state of affairs, but one that should be correctable.
ON THE PODCAST
In today's Daily Podcast, out later this afternoon, we speak with our partners at Dragos, as Robert M. Lee discusses their contribution to the Splunk Boss of the SOC (BOTS) capture-the-flag competition. Our guest is Chris Hickman from Keyfactor, talking about Public Key Infrastructure.
And, of course, Hacking Humans is up, too. In this episode, "The fallacy of futility," Dave describes a Ponzi scheme that bought up legitimate investment firms. Joe shares research into deep fakes. The catch of the day includes an invitation to join the Illuminati. (Because, who wouldn't want to do that?) Ray [REDACTED] returns with follow-up from his prior visit, along with new information to share.
The 6th Annual Journal of Law and Cyber Warfare Symposium (New York, NY, United States, October 17, 2019) The 6th Annual Cyber Warfare Symposium features discussions around emerging cybersecurity issues, focusing on cyber warfare and how companies can respond to cyber-attacks. Use discount code CyberWire50 for 50% off. Email email@example.com for a chance to receive a complimentary ticket.
Industrial Control Systems (ICS) Cyber Security Conference (Atlanta, Georgia, United States, October 21 - 24, 2019) SecurityWeek's ICS Cyber Security Conference is the conference where ICS users, ICS vendors, system security providers and government representatives meet to discuss the latest cyber-incidents, analyze their causes and cooperate on solutions. Since its first edition in 2002, the conference has attracted a continually rising interest as both the stakes of critical infrastructure protection and the distinctiveness of securing ICSs become increasingly apparent.
Georgetown University Programs in Cybersecurity Webinar (Online, October 29, 2019) We invite you to learn more about the Master's and Graduate Certificate in Cybersecurity Risk Management at Georgetown University. Our programs prepare you with hands-on practice developing and executing integrated strategies, policies, and safeguards to manage cybersecurity risks across an enterprise. Register for a free webinar on October 29 at noon ET to learn more.
IMAGINE, A MISI salon-style bespoke dinner event (Columbia, Maryland, United States, November 1, 2019) IMAGINE a world where more young women can see themselves in the faces of the legendary women of science & technology, and say, "Yes I can!" The event on November 1 is a fundraiser in support of the region's unique and inclusive STEM program and will be held at the DreamPort Facility in Columbia, Maryland. While its focus is on under-represented young women, young men are also included in MISI's STEM programs.
NXTWORK 2019 (Las Vegas, Nevada, United States, November 11 - 13, 2019) Join us at NXTWORK 2019 to learn, share, and collaborate with GameChangers from companies across the networking industry. This year's event features keynotes from Juniper executives, as well as special guest speaker Earvin "Magic" Johnson, along with 40+ breakouts and master classes led by Distinguished Engineers, as well as various opportunities for certification testing and training.
New SDBbot Remote Access Trojan Used in TA505 Malspam Campaigns (BleepingComputer) Researchers discovered two new malware strains distributed via phishing campaigns carried out by the TA505 hacking group during the last two months: a new downloader dubbed Get2 and an undocumented remote access Trojan (RAT) named SDBbot.
Malicious Payloads - Hiding Beneath the WAV (ThreatVector) BlackBerry Cylance Threat Researchers recently discovered obfuscated malicious code embedded within WAV audio files. Each WAV file was coupled with a loader component for decoding and executing malicious content secretly woven throughout the file's audio data.
Chinese Hackers Use New Cryptojacking Tactics to Evade Detection (BleepingComputer) Chinese-speaking cybercrime group Rocke, known for operating multiple large-scale malicious crypto-mining campaigns, has now switched to new Tactics, Techniques, and Procedures (TTPs), including new C2 infrastructure and updated malware to evade detection.
How AI Battles Security Threats without Humans (WIRED) Housed in the historic city of Cambridge, the R&D facility of international cybersecurity firm Darktrace is unmistakably modern. Its stylish headquarters is all clean lines and gleaming glass, opening last year in honor of Cambridge-educated computer pioneer Maurice Wilkes, who helped design the electronic delay storage calculator, one of the world's first computers, in the 1940s.…
Baltimore Cyber Range Shaping the Future (BaltimoreCyberRange) Baltimore Cyber Range (BCR) provides real-world, hands-on cyber security training. The BCR ultra-realistic threat training environment gives cyber security practitioners a secure environment for working with real-world threats.
Podcast Recommendations (Medium) The number of podcast listeners in the U.S. increased sharply in 2019, with nearly one out of three people listening to at least one…
Akamai's got Comcast's back for small and mid-size businesses' cybersecurity (FierceTelecom) Comcast Business is the first service provider to boot up Akamai's new cloud-based Security and Personalization Services Secure Business solution. Comcast Business is using Akamai's SPS Secure Business as part of its new Comcast Business SecurityEdge cloud-based internet cybersecurity solution for small businesses.
Tehama and Bitnobi Partner to Lay Foundation for a Data Trust Platform (West) Tehama, the leading SaaS solution to secure mission-critical and data-sensitive systems when granting access to global employees and third-party contractors, and Bitnobi, a startup that has created a privacy-protected data-sharing platform, are pleased to announce the signing of a contract with the Department of National Defence to demonstrate the workings of an innovative, integrated human resources data management platform.
Technologies, Techniques, and Standards
A Review of Cybersecurity Incidents in the Water Sector – a good start but with technical issues (Control Global) The report, "A Review of Cybersecurity Incidents in the Water Sector", was published in the September 2019 issue of the Journal of Environmental Engineering. There are many technical gaps in the report. My concerns with these water cases are similar to gaps in other industries such as electric, oil/gas, and manufacturing. As these industries use the same or similar equipment from the same vendors, the information sharing gap is still very wide.
Congressional Panel Praises Illinois Election Upgrades (Government Technology) Lake County, Ill., received high marks from panelists and the chair of the Committee on Homeland Security, which talked to local, state and federal officials about potential threats to the Illinois elections system.
What Cyber Resilience is Not About … (Business2Community) Cyber resilience must not be used to legitimise window-dressing practices around cyber security. Read more at https://www.business2community.com/cybersecurity/what-cyber-resilience-is-not-about-02249622
Cryptography without using secret keys (Phys.org) Most security applications, for instance access to buildings or digital signatures, use cryptographic keys that must at all costs be kept secret. That also is the weak link: who will guarantee that the key doesn't get stolen or hacked? Using a physical unclonable key (PUK), which can be a stroke of white paint on a surface, and the quantum properties of light, researchers of the University of Twente and Eindhoven University of Technology have presented a new type of data security that does away with secret keys.
South Korean National and Hundreds of Others Charged Worldwide in the Takedown of the Largest Darknet Child Pornography Website, Which was Funded by Bitcoin (US Department of Justice) Jong Woo Son, 23, a South Korean national, was indicted by a federal grand jury in the District of Columbia for his operation of Welcome To Video, the largest child sexual exploitation market by volume of content. The nine-count indictment was unsealed today along with a parallel civil forfeiture action. Son has also been charged and convicted in South Korea and is currently in custody serving his sentence in South Korea. An additional 337 site users residing in Alabama, Arkansas, California, Connecticut, Florida, Georgia, Kansas, Louisiana, Maryland, Massachusetts, Nebraska, New Jersey, New York, North Carolina, Ohio, Oregon, Pennsylvania, Rhode Island, South Carolina, Texas, Utah, Virginia, Washington State and Washington, D.C., as well as the United Kingdom, South Korea, Germany, Saudi Arabia, the United Arab Emirates, the Czech Republic, Canada, Ireland, Spain, Brazil and Australia, have been arrested and charged.
Accused Capital One hacker had as much as 30 terabytes of stolen data, feds say (CyberScoop) Investigators probing the Capital One data breach say they have between 20 and 30 terabytes of data in their possession as they prepare for trial against the alleged hacker, Paige Thompson, according to court documents obtained by CyberScoop. The government now is parsing through millions of individual files, prosecutors said, as well as a spreadsheet agents say they found recently on Thompson's computer, which contains aggregated information apparently stolen from Capital One.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
AdvaMed Cybersecurity Summit (Arlington, Virginia, USA, November 6, 2019) The AdvaMed Cybersecurity Summit brings together experts across the device security spectrum. Experts will provide in-depth and timely updates on the state of medical device cybersecurity, including issues...
Health Data Stewardship & Privacy Summit (Arlington, Virginia, USA, November 7, 2019) AdvaMed's inaugural Health Data Stewardship & Privacy Summit will bring together leading experts and health care industry stakeholders to explore the current data privacy landscape and forecast what may...
Cybersecurity for Small Businesses (Hazelton, Pennsylvania, USA, November 13, 2019) During the conference, attendees will learn how cybersecurity affects entrepreneurship, why small businesses are easy victims of cyberattacks, the impact of small business cyberattacks, and common security...
EXCHANGE 2019 (New York, New York, USA, October 16 - 17, 2019) BitSight presents EXCHANGE 2019, The Intersection of Business and Cyber Risk, an event for security and risk professionals to navigate the demands of today's dynamic cyber risk landscape. During this two-day...
6th Annual Cyber Warfare Symposium (New York, New York, USA, October 17, 2019) This unique, one-day event will bring together distinguished thought leaders and cybersecurity and cyber warfare experts from across the industry for a day of collaboration and education. The Symposium...
Toronto Cybersecurity Conference (Toronto, Ontario, Canada, October 17, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Security Leaders Summit Atlanta (Atlanta, Georgia, USA, October 17, 2019) If there is anything that unifies CISOs, change is the one constant. For 2019, the focus is on the rapid evolution of the security industry, the rising tide of visibility on security organizations, and...
Industrial Control Systems (ICS) Cyber Security Conference (Atlanta, Georgia, USA, October 21 - 24, 2019) SecurityWeek's ICS Cyber Security Conference is the conference where ICS users, ICS vendors, system security providers and government representatives meet to discuss the latest cyber-incidents, analyze...