September 20, 2019.
2nd Annual National Cybersecurity Summit
At the agency's 2nd Annual National Cybersecurity Summit on Wednesday, CISA director Chris Krebs outlined what the new agency has achieved since it was set up last year. Krebs cited a number of directives and executive orders that have been passed, and he pointed to the series of indictments against threat actors around the world. As an example of the effectiveness of these measures, he said that “indictments of the SamSam ransomware actors have stopped SamSam ransomware attacks worldwide.” He cited these achievements in the course of advocating what amounts to a whole-of-nation approach, with strong cooperation between Government and the private sector. Krebs stressed the growing importance of cooperation between the public and private sectors in defending against threats: “The government’s not going to solve this problem alone. This is a national problem set.”
Looking forward, Krebs wants to prepare for a large-scale cyberattack before it happens. Relating such an event to a natural disaster, he said we know how to prepare for hurricanes because we know what happens when a hurricane hits. We don’t have that level of knowledge when it comes to a cyber event, but he said the spate of ransomware attacks against government targets this summer came “pretty close” to a large-scale event. One of the threats CISA is preparing for is the possibility that ransomware could be deployed against voter registration databases during the 2020 election.
One sort of private sector contribution Krebs would discourage, however, is FUD. He pointedly asked the cybersecurity industry to stop “selling fear.” He acknowledged that it’s an effective marketing tactic, but said we need to remove the hysteria and have measured and reasonable conversations about threats, particularly those surrounding election security. The threats to infrastructure are undeniably real, but self-interested alarmism doesn’t help, and only serves to drive down voter confidence.
By the CyberWire staff
Tensions between Iran and its regional rivals continue to run high after strikes against Saudi oil production facilities that have been widely attributed to Tehran. The US has announced tighter sanctions, and is consulting on responses with countries in the Gulf region, notably Saudi Arabia. Iran is showing signs of heightened activity in cyberspace, Fifth Domain quotes US CISA Director Krebs as saying at the National Cybersecurity Summit this week. That Iranian activity, however, hasn't risen as much as might have been expected. The observed optempo is lower, for example, than it was in the wake of Iran's destruction of a US Global Hawk surveillance drone earlier this summer.
In the ebb and flow of cybercrime, right now cryptojacking is flowing, this despite premature declarations that miners were now passé. Guardicore has been tracking the propagation of the Smominru botnet, noted for its use of EternalBlue, for its high reinfection rate, and for its installation of a variety of malicious tools, including Monero miners. BleepingComputer points out that Smominru goes to some trouble to remove rival malware strains from the machines it infects.
And Cisco Talos has been following Panda, a cryptojacking group that's been around for some time. Its opsec is still poor, but it continues to evolve new functionality that has netted the crooks about $100 thousand so far.
Huawei is making the case in a US Federal court this week that sanctions against the company amount to an unconstitutional bill of attainder, the Wall Street Journal reports.
Today's issue includes events affecting Australia, Canada, China, European Union, France, Iran, Ireland, Democratic People's Republic of Korea, Republic of Korea, United Kingdom, United States.
Bring your own context.
What does it actually mean to move to the cloud, especially from a security point-of-view?
"Typically, when people talk about using the cloud, it's a fairly nebulous statement and people aren't really sure what they mean. They think about, am I using Amazon to potentially run my applications, or is it mean am I using something like Salesforce when I use my, say, customers relationship management software? Really, when we talk about multicloud, it's embracing the fact that most people today are using a wide range of cloud-based applications from different vendors. And on top of that, they're using infrastructure as a service from places like Amazon and Azure and Google. And when we've surveyed customers, we've found that more than half of them are using at least two platforms as a service."
—Brian Roddy, head of cloud services at Cisco, on the CyberWire Daily Podcast, 9.18.19.
Hah—the cloud's nebulous, get it? Like, what else would a cloud be? But his pun makes a good point: it can be challenging to get a handle on risk when one's enterprise touches so many cloud-based services and applications.
ON THE PODCAST
In today's podcast, out later this afternoon, we speak with our partners at Accenture Labs, as Malek Ben Salem discusses the security aspects of facial recognition systems. Our guest is Henry Harrison, CTO of Garrison, and he describes Hardsec, a new approach to security (straight out of the UK).
Cyber Security Summits: September 17 in Charlotte and October 3 in NYC (Charlotte, North Carolina, United States, September 17, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The NSA, The FBI, Google, IBM, Darktrace, and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today: www.CyberSummitUSA.com
Second Annual DataTribe Challenge (Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at www.datatribe.com/challenge.
Zero Day Con (Washington, DC, USA, October 22, 2019) Zero Day Con hosts a day of expert discussion on security approaches to regain control over your systems, data, and information. Join us to examine insights, security technologies, and key priorities to secure your systems. Get a 20% discount: CYBER_WIRE20
What would a vulnerability disclosure program look like for voting equipment? Expect an RFI soon - CyberScoop (CyberScoop) Voting-equipment vendors are preparing to formally ask security researchers for ideas on building a coordinated vulnerability disclosure (CVD) program, the next step in the industry’s gradual move to work more closely with ethical hackers. The Elections Industry-Special Interest Group, which includes the country’s three largest voting-systems vendors, will this week release the request for information (RFI), Chris Wlaschin, vice president of systems security at one of those vendors, Election Systems & Software, told CyberScoop.
Smominru Mining Botnet In Cyber Turf War With Rival Malware (BleepingComputer) The Smominru mining botnet continues to wreak havoc on corporate machines by not only installing cryptominers, but also stealing credentials, installing backdoors, and making system configuration modifications that could affect the proper operation of an infected machine.
Magecart Skimming Attack Targets Mobile Users of Hotel Chain Booking Websites (TrendLabs Security Intelligence Blog) We discovered a series of incidents where the credit card skimming attack Magecart was used to hit the booking websites of chain-brand hotels — the second time we’ve seen a Magecart threat actor directly hit ecommerce service providers instead of going for individual stores or third-party supply chains.
Adware found on Google Play Store (Wandera) Wandera’s threat research team has discovered two adware apps on the Google Play Store with a combined 1.5M+ downloads. The apps are both selfie filter camera apps with similar functionality. Adware is usually viewed as a nuisance for the end-user. However, mobile adware can kill productivity l
Universities at risk from hackers, warn NCSC (SC Media) The UK's NCSC has published a report warning UK universities that "state espionage will continue to pose the most significant threat to the long-term health of both universities and the UK itself".
Thinkful Resets All User Passwords After Security Breach (BleepingComputer) Online developer bootcamp company Thinkful is sending out email notifications that state an unauthorized user was able to gain access to employee accounts credentials. Due to this, they are requiring all users to reset their passwords the next time they login.
Tridium Niagara (CISA)
1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low skill level to exploit
Vulnerabilities: Information Exposure, Improper Authorization
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow a local user to escalate their privileges.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Tridium products are affected:
Eight US Cities See Payment Data Card Stolen (BankInfo Security) Click2Gov municipal payment portals for eight U.S. cities were compromised after an apparent vulnerability in the software. More than 20,000 payment card records
HP Inc. Announces Acquisition of Bromium (HP) HP Inc. (NYSE: HPQ) today announced the acquisition of end point security start-up Bromium. Bromium’s application and browser isolation technology stops attacks that other solutions miss. The technology complements and enhances HP’s existing security platform with hardware enforced application isolation and containment to protect against advanced attacks while providing real-time threat intelligence.
Peter Thiel's Palantir set to delay IPO under bumbling leadership of CEO Alex Karp (The Next Web) Bloomberg today reported that Palantir Technologies, a Peter Thiel-founded company that builds mass-surveillance solutions for law enforcement agencies, will delay its highly-anticipated IPO indefinitely. According to the report, CEO Alex Karp needs more time to woo foreign investors. Thiel’s also reportedly sent a memo to employees indicating they shouldn’t expect the company to IPO within “the next …
Jamie Fiedrich Joins Bishop Fox as Vice President of IT Operations (Yahoo) Bishop Fox, the largest private professional services firm focused on offensive security testing, announced today that Jamie Fiedrich has joined the firm as Vice President of Information Technology (IT) Operations. Fiedrich will help define and execute the corporate
Illumio Adds Container Support, Battles VMware, Cisco (SDxCentral) Security startup Illumio added container support to its segmentation platform, which means that companies can set and enforce consistent security policies across data center, cloud, and containerized workloads.
Trump Orders Substantial New Sanctions on Iran (Wall Street Journal) President Trump said on Wednesday that he ordered Treasury Secretary Steven Mnuchin to substantially raise sanctions on Iran, the first U.S. policy response to last week’s attack on critical Saudi Arabian oil facilities.
USAF’s New Info Warfare Group Coming Into Focus (Air Force Magazine) Air Combat Command on Sept. 18 announced that its new organization spearheading information warfare is called 16th Air Force and will tentatively be led by now-25th Air Force Commander Maj. Gen. Timothy Haugh, pending his confirmation by the Senate.
Navy moves to penalize contractors for poor cybersecurity (InsideDefense.com) A new acquisition rule published this month details how the Navy could levy financial penalties against contractors for not meeting cybersecurity standards, as the service aims to better protect sensitive data in the face of what it considers a "cyber siege" by China and other competitor nations.
Coalfire Comments on Penetration Tests for Iowa Judicial Branch (Yahoo) Global cybersecurity firms such as Coalfire involved in technical testing are professionally contracted to simulate attacks using the same techniques any attacker may use to test the company's defenses so that they can remedy their vulnerabilities before a real-world incident occurs. Recently, two
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Securing Elections – Global Lessons Learned (Washington, DC, USA, September 26, 2019) A forum on securing elections featuring global experts on policy and operations from the public and private sectors. The discussion will address risks, vulnerabilities, best practices and what needs to...
Fraud Force Summit (Portland, Oregon, USA, September 18 - 20, 2019) The Fraud Force Summit is iovation's annual conference bringing customers, prospective customers, partners and industry experts together to connect, collaborate and share. The landscape for fraud prevention...
2nd Annual National Cybersecurity Summit (National Harbor, Maryland, USA, September 18 - 20, 2019) The Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (CISA) will bring together critical infrastructure stakeholders from around the world to a forum with presentations...
Industry 4.0 - Industrial Cyber Security and Industrial IoT (Chicago, Illinois, USA, September 23 - 24, 2019) The emergence of new digital industrial technology is a transformation to gather and analyze data across machines enabling faster, more flexible, and more efficient processes to produce higher-quality...
GlobalPlatform Technical Workshop (Shenzhen, China, September 24 - 25, 2019) GlobalPlatform is hosting two free-to-attend workshops in Shenzhen, China on 24th and 25th September. Both workshops will focus on device security and the deployment and use of secure devices. The agendas...
2019 FAIR Conference (National Harbor, Maryland, USA, September 24 - 25, 2019) Hosted by the FAIR Institute and our sponsoring partners, the 2019 FAIR Conference brings leaders in information and operational risk management together to explore best FAIR practices that produce greater...