September 27, 2019.
By the CyberWire staff
AFP reported yesterday that some major Airbus suppliers were hit by a cyberattack that seems designed to steal trade secrets. Engine manufacturer Rolls-Royce was among those hit, as was Expleo, a French technology consultancy and supplier. At least two other companies in the Airbus supply chain were also attacked, but their identities are so far not publicly known. There is so far no firm attribution, but informed speculation points to Chinese espionage. Either APT10 (which is also known as Stone Panda and Menupass) or JSSD is being mentioned in dispatches. JSSD is associated with the regional security ministry in Jiangsu. Jiangsu is a center of China’s aerospace industry, which is seeking to enter the commercial airline market.
Zscaler reports finding phishing campaigns (which the company assesses as "sophisticated") abusing Appspot.com and Web.app, both legitimate domains associated with Google Cloud. The researchers say the campaign, which deploys well-executed landing pages that spoof the two widely used sites, is similar to a phishing effort they found in July that was engaged in similar deception with respect to Microsoft Azure.
Imperva reports that the vBulletin zero-day is being exploited in the wild.
DoorDash disclosed that it's sustained a major data breach. Data on some 4.9 million customers, "Dashers" (gig workers who deliver for the service), and merchants were exposed to an "unauthorized third party" in May of this year. The company says the incident affected those who joined DoorDash before April 6, 2018. Customers, Dashers, and merchants who joined more recently are unaffected.
Today's issue includes events affecting Azerbaijan, Bahrain, China, Ethiopia, European Union, Hungary, India, Iran, Japan, Democratic People's Republic of Korea, Myanmar, Pakistan, Russia, Saudi Arabia, Singapore, Tajikistan, Ukraine, United Kingdom, United States, Venezuela, and Zimbabwe.
Bring your own context.
Ransomware attacks against city governments have become more common.
"Basically, a lot of the attacks are going after services that could affect, you know, basically basic services - right? - including law enforcement, which can be disrupted. I think that the level of impact to everyday life is higher, especially when they hit home in the cities and also information related to citizens are gold to the bad guys, right? You can identify relationships between people if you get that information. You can identify social engineering end goals to further mount additional personal attacks or more targeted attacks against people using their information to do more damage to - you know, by opening accounts and doing things like that. So I think the information within city halls used to be walled off with a lot of protection, physical protection, now, you know, can be easily exposed digitally, which becomes a fuel for the bad guys to do more to everyone."
—Fleming Shi, Chief Technology Officer at Barracuda Networks, on the CyberWire Daily Podcast, 9.24.19.
A poorly protected target with inadequate recovery capability is always attractive. Where the information encrypted affects basic services, that increases pressure to pay. From the attacker's point of view, that's just gravy. Or gold.
ON THE PODCAST
In today's Daily Podcast, out later this afternoon, we speak with our partners at Webroot, as David Dufour discusses the need for a variety of areas of expertise in security. Our guest is Caleb Barlow, CEO and President of Cynergistek, talking about the security implications of being CEO of a public company.
Second Annual DataTribe Challenge (Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at www.datatribe.com/challenge.
The 6th Annual Journal of Law and Cyber Warfare Symposium (New York, NY, United States, October 17, 2019) The 6th Annual Cyber Warfare Symposium features discussions around emerging cybersecurity issues, focusing on cyber warfare and how companies can respond to cyber-attacks. Use discount code CyberWire50 for 50% off. Email email@example.com for a chance to receive a complimentary ticket.
Zero Day Con (Washington, DC, USA, October 22, 2019) Zero Day Con hosts a day of expert discussion on security approaches to regain control over your systems, data, and information. Join us to examine insights, security technologies, and key priorities to secure your systems. Get a 20% discount: CYBER_WIRE20
Cyber Attacks, Threats, and Vulnerabilities
Masad Stealer: Exfiltrating using Telegram (Juniper Networks) Juniper Threat Labs discovered a new Trojan-delivered spyware that uses Telegram to exfiltrate stolen information. Using Telegram as a Command and Control (CnC) channel allows the malware some anonymity, as Telegram is a legitimate messaging application with 200 million monthly active users. Th...
How The U.S. Hacked ISIS (NPR.org) In 2016, the U.S. launched a classified military cyberattack against ISIS to bring down its media operation. NPR interviewed nearly a dozen people who lived it.
Phishing attacks abusing appspot.com and web.app domains on Google Cloud (Zscaler) Zscaler ThreatLabZ researchers recently detected phishing campaigns that are abusing Google domains Appspot.com and Web.app. Using the domains' SSL certificates, the phishing pages spoof leading business brands like Microsoft Office and attempt to steal user login credentials.
Attackers Are Quick to Exploit vBulletin’s Latest 0-day Remote Code Execution Vulnerability (Imperva) Imperva’s Cloud WAF has identified instances of a new 0-day vulnerability being exploited within a matter of hours of the exploit being published. On Monday 23rd September 2019, an exploit was published for a vulnerability found within vBulletin (versions 5.0.0 to 5.5.4), allowing malicious attackers to perform authentication-free Remote Code Execution on the origin server. …
Scamelot: Phishing and Email Fraud at Wes (The Wesleyan Argus) Public Safety Lieutenant Paul Verrillo has seen all kinds of scams: voices on the phone impersonating the IRS, emails about job offers that pay hundreds of dollars a week for almost no work, and hackers offering false opportunities. Verrillo said that students report scams to him all the time, but usually it’s too late.
Singapore student events app Get in data breach; 30,000 users at risk (AsiaOne) An event ticketing and payment app popular with university students across Asia and backed by the venture capital arm of Singapore state investment firm Temasek has suffered a second data breach, potentially exposing the personal details of more than 30,000 users in the city-state.
Threat Spotlight: Inefficient incident response (Barracuda) Inefficient incident response to email attacks is costing businesses billions in losses every year. For many organizations, finding, identifying and removing email threats is a slow and manual process that takes too long and uses too many resources. As a result, attacks often have time to spread and cause more damage.
HPE completes acquisition of Cray (Intelligence Community News) Hewlett Packard Enterprise of San Jose, CA announced on September 25 that it has completed the acquisition of supercomputing leader Cray Inc., earlier than the original target date. HPE paid $35.00…
Facebook tries hiding Like counts to fight envy (TechCrunch) If their post has lots of Likes, you feel jealous. If your post doesn’t get enough Likes, you feel embarrassed. And when you just chase Likes, you distort your life seeking moments that score them, or censor it fearing you won’t look popular without them. That’s why Facebook is of…
3 Ways To Prepare Now For Future Endpoint Defense (Cyber Security Hub) The traditional network endpoint was isolated to desktop PCs and laptop computers that attached to the organization’s network. A dramatic increase in mobile devices, cloud and IoT has broadened the definition. Security leader Kayne McGladrey weighs in on enterprise endpoint defense tactics.
To Invent a Quantum Internet (Quanta Magazine) Fifty years after the current internet was born, the physicist and computer scientist Stephanie Wehner is planning and designing the next internet — a quantum one.
Cyber rules for self-driving cars stall in Congress (TheHill) Major automakers are moving full steam ahead with their plans to put self-driving cars on the road, even as lawmakers and regulators in Washington fall behind on creating a cybersecurity framework for those vehicles.
Whistleblower alleges White House coverup (CNN) A whistleblower's complaint about President Trump's communications with Ukraine has been declassified. Follow here for the latest news and updates on Joseph Maguire's testimony.
NY AG James Sues Dunkin' For Neglecting User Cybersecurity (Law360) New York's attorney general has hit Dunkin' Donuts with a lawsuit for failing to protect customers from cyber attacks, alleging the coffee chain barely acted in response to two data breaches in 2015 and 2018 that together compromised more than 300,000 customer accounts.
Prosecutor: ‘Satanist’ soldier sought government’s overthrow (Army Times) A prosecutor alleged in federal court Thursday that an Army infantry soldier charged with distributing information about building bombs is a Satanist who plotted to overthrow the U.S. government, while his attorney said he's only an internet troll caught
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Detect '19 (National Harbor, Maryland, USA, September 29 - October 2, 2019) Insights from compelling customer presentations highlighting real-world threat intelligence big data issues. Threat intelligence data is a valuable asset for security teams who unlock the value it contains.
SecureWorld Detroit (Detroit, Michigan, USA, October 1 - 2, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
Kansas City Cybersecurity Conference (Kansas City, Missouri, USA, October 3, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Australian Cyber Conference 2019 (Melbourne, Victoria, Australia, October 7 - 9, 2019) The Australian Information Security Association (AISA) is the premier industry body for information security professionals in Australia. As a nationally recognised not-for-profit organisation, AISA champions...