October 22, 2019.
SecurityWeek's 2019 ICS Cyber Security Conference
SecurityWeek's 2019 ICS Cyber Security Conference has entered its second day following Monday's training sessions, some of which are described in the links below.
The featured presentation this morning was a fireside chat with former NSA Director and US Cyber Command head Admiral (retired) Mike Rogers. He reviewed the strategic motives of the opposition in cyberspace (singling out North Korea, Russia, and China), and he made a case for approaching cybersecurity, in the context of national security, as a risk management problem. And sound risk management should begin with an appreciation of the opposition's strategic goals.
We'll continue our coverage of SecurityWeek's 2019 ICS Cyber Security Conference throughout the week.
By the CyberWire staff
Facebook announced yesterday that it's removed four distinct "networks of accounts, Pages and Groups" from Facebook and Instagram for engaging in "coordinated inauthenticity." Three of the networks originated in Iran, the fourth in Russia. Two of the Iranian networks advanced a pro-Iranian, anti-Israeli and anti-US line; their audience was principally in the US and the Francophone regions of the Middle East and North Africa. The third promoted similar content to a Latin American audience. The Russian network pursued Moscow's now-familiar strategy of deepening existing fissures in American civil society.
Facebook also said it will begin labeling content from state-controlled media, not to censor them, but to hold them to a "higher standard of transparency," the Telegraph reports.
NordVPN, TorGuard, and VikingVPN are said (by Ars Technica and others) to have experienced breaches that leaked encryption keys. NordVPN and TorGuard have issued statements intended to reassure users that their security has not been seriously compromised.
Avast has suffered more issues with its CCleaner product. The breach, which Avast says is now fixed, appears connected to exploitation by foreign intelligence services. ZDNet says Czech intelligence services identified the culprit as China. KrebsOnSecurity points to a common factor in the NordVPN and Avast breaches: forgotten user accounts.
The European Data Protection Supervisor has released an update on its ongoing investigation of Microsoft's contracts with various European institutions. That investigation remains incomplete, but the EDPS says it has "serious concerns" over the adequacy of contractual provisions designed to ensure compliance with data protection rules.
Today's issue includes events affecting Argentina, Bolivia, Brazil, China, Czech Republic, Germany, Ecuador, European Union, Iran, Israel, Mexico, Peru, Russia, United States, and Venezuela.
Bring your own context.
Phishbait has to be compelling. Witness the recent Iranian use of veteran-themed sites.
"This is basically another great example of an attacker finding a really clever social engineering angle to make victims become more susceptible to a traditional malware campaign. If you look back on it, this is not too dissimilar from other things we've seen in the past, right? Like, you see things like attackers pretending you have a bill due, and you should immediately click and log in, right? And so when they go for these types of emotionally charged issues, be it you're going to help out heroes, you've got a bill due, your password's been compromised - all those are really designed to have you react emotionally. The thought process is basically, the faster and more quickly you can react emotionally, the less likely you are to think it through, and then the bad guy is much more likely to get their way. And so in this particular case, you know, the bad guys actually found, you know, a relatively convincing-sounding domain. Hire military heroes dot com: it sounds legit, right?"
—Craig Williams, head of Talos outreach at Cisco, on the CyberWire Daily Podcast, 10.18.19.
The phish have got to be willing to bite, and they bite on the shiny things they care about.
Georgetown University Programs in Cybersecurity Webinar (Online, October 29, 2019) We invite you to learn more about the Master's and Graduate Certificate in Cybersecurity Risk Management at Georgetown University. Our programs prepare you with hands-on practice developing and executing integrated strategies, policies, and safeguards to manage cybersecurity risks across an enterprise. Register for a free webinar on October 29 at noon ET to learn more.
IMAGINE, A MISI salon-style bespoke dinner event (Columbia, Maryland, United States, November 1, 2019) IMAGINE a world where more young women can see themselves in the faces of the legendary women of science & technology – and say, "Yes I can!" The event on November 1 is a fundraiser in support of the region's unique and inclusive STEM program and will be held at the DreamPort Facility in Columbia, Maryland. While its focus is on the under-represented young women, young men are also included in MISI's STEM programs.
Cyber Security Summits: November 6 in Boston and November 21 in Houston (Boston, Massachusetts, United States, November 6, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Google, IBM, Verizon, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com
NXTWORK 2019 (Las Vegas, Nevada, United States, November 11 - 13, 2019) Join us at NXTWORK 2019 to learn, share, and collaborate with GameChangers from companies across the networking industry. This year’s event features keynotes from Juniper executives, as well as special guest speaker Earvin “Magic” Johnson, along with 40+ breakouts and master classes led by Distinguished Engineers, as well as various opportunities for certification testing and training.
Powerful Forces Are Reshaping Continuous OT Monitoring Requirements (Nozomi Networks) Three powerful developments are reshaping the world’s continuous OT monitoring requirements: the rapid convergence of IT/OT security, broader use of corporate SOCs and external security providers, and accelerating digital transformation.
Join ARC Advisory Group Vice President Sid Snitkin as he explores the impact each trend is having on core cyber security needs.
Russian hackers have been mooching off existing OilRig infrastructure (CyberScoop) Russian-linked hackers known as the Turla group have been piggybacking on Iranian hackers’ tools and infrastructure for years now to run their own attacks, according to a joint announcement Monday from the National Security Agency and the U.K.’s National Cyber Security Centre.
Avast, NordVPN Breaches Tied to Phantom User Accounts (KrebsOnSecurity) Antivirus and security giant Avast and virtual private networking (VPN) software provider NordVPN each today disclosed months-long network intrusions that — while otherwise unrelated — shared a common cause: Forgotten or unknown user accounts that granted remote access to internal systems with little more than a password.
Georgia County's Experience Shows Perils of Ransomware (SecurityWeek) Ransomware attacks have taken out computer systems at law enforcement agencies and local governments around the country, forcing them to revert to pen and paper for tasks typically done in an instant on computers.
SECUDE Joins Microsoft Intelligent Security Association (Yahoo) SECUDE, SAP partner and a leading data security provider specializing in security for SAP and CAD data, today announced that it has joined the Microsoft Intelligent Security Association. For SECUDE, the collaboration is a critical step forward on multiple fronts. The agreement permits SECUDE’s product
BioNovelus, Inc. Announces Patricia Frost to Join Advisory Board (West) BioNovelus, Inc. (OTC: ONOV) announces Patricia Frost has joined the Company’s Advisory Board. BioNovelus’ Advisory Board seats individual entrepreneurs and senior cyber security / information technology (IT) executives with business, government and technical expertise useful for assisting in identifying, integrating and growing acquired companies.
Nok Nok Labs First to Provide FIDO-Based Authentication for Smart Watches (Nok Nok Labs) Strategic Analytics recently reported that global smart watch shipments grew an impressive 44 percent annually to reach 12 million units in the second quarter of 2019. Smart watch usage for applications beyond fitness has grown to include banking, productivity applications such as Slack, ecommerce such as Apple Pay, as well as home security applications such …
Splunk Mission Control Takes Off, Supercharging the Security Operations Center (Splunk) Splunk Inc. announced new innovations across its Security Operations Suite to modernize and unify the Security Operations Center (SOC). Anchored by the newly launched Splunk® Mission Control, the Splunk Security Operations Suite makes it easier than ever for security analysts to turn data into doing by managing security across the entire threat lifecycle.
STOP Ransomware Decryptor Released for 148 Variants (BleepingComputer) The release of Emsisoft's STOP Ransomware decryption service is a huge achievement and will be a life saver for both the victims and the helpers on BleepingComputer. It should be noted, though, that while this decryptor can help with the majority of STOP variants, anyone who was infected after August 2019 cannot be helped.
Facebook steps up security amid fresh signs of Russia meddling (The Bull) Facebook said Monday it was tightening its security for the 2020 US elections, amid signs of fresh activity from Russia attacking Democratic presidential candidates, including Joe Biden. The leading social network said it was taking down more accounts for “inauthentic” activity and stepping up scrutiny of “state controlled” media seeking to manipulate American voters. As...
EU contracts with Microsoft raising ‘serious’ data concerns, says watchdog (TechCrunch) Europe’s chief data protection watchdog has raised concerns over contractual arrangements between Microsoft and the European Union institutions which are making use of its software products and services. The European Data Protection Supervisor (EDPS) opened an enquiry into the contractual arr…
Man sentenced for hacking LA court system (Washington Post) A man who hacked Los Angeles County court computers, sent 2 million malicious phishing emails and stole hundreds of credit card numbers has been sentenced in Los Angeles
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Industrial Control Systems (ICS) Cyber Security Conference (Atlanta, Georgia, USA, October 21 - 24, 2019) SecurityWeek’s ICS Cyber Security Conference is the conference where ICS users, ICS vendors, system security providers and government representatives meet to discuss the latest cyber-incidents, analyze...
PCI SSC 2019 Europe Community Meeting (Dublin, Ireland, October 22 - 24, 2019) The PCI Security Standards Council’s 2019 Europe Community Meeting is the place to be. We will provide you with the information and tools to help secure payment data. We lead a global, cross-industry effort...
Omaha Cybersecurity Conference (Omaha, Nebraska, USA, October 24, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Florida Cyber Conference 2019 (Tampa, Florida, USA, October 24 - 25, 2019) Join hundreds of stakeholders from Florida's cybersecurity community and beyond for innovative content, in-depth discussion, hands-on demos, networking, and more! With more than 20 breakout sessions across...
National Security Leaders Symposium (Naples, Florida, USA, October 27 - 29, 2019) If there is anything that unifies CISOs, change is the one constant. For 2019, the focus is on the rapid evolution of the security industry, the rising tide of visibility on security organizations, and...