September 30, 2019.
By the CyberWire staff
In two apparently unrelated incidents, Rheinmetall and Defence Construction Canada sustained attacks on their IT infrastructure. In Rheinmetall's case the attack, whose precise nature the company didn't specify, disrupted automotive production in Brazil, Mexico, and the US. Defence Construction Canada has been able to maintain operations in the face of what the Ottawa Sun reports may have been a ransomware attack.
SRLabs says it's developed a way of determining whether devices are vulnerable to SimJacker and similar exploits.
Police in the German Land of Rhein-Pfalz have raided and shut down a bulletproof-hosting data center in Traben-Trarbach, the AP reports. The action crossed both Land and international boundaries, with arrests near Frankfurt and other police action in the Netherlands, Luxembourg, and Poland. The data center, located in a surplus NATO facility acquired by a Dutch national in 2013, is thought to have been involved in both contraband markets and in the 2016 distributed denial-of-service attack on Deutsche Telekom.
Gnosticplayers may be back. Online game company Zynga disclosed a breach on September 12th, and now the Hacker News says that Gnosticplayers (a nom de hack) claims he (she? they?) has counted coup against Zynga, gaining access to some 218 million Words with Friends accounts. Gnosticplayers is neither a greyhat nor a gadfly. Earlier this year he gained notoriety for offering 747 million records culled from twenty-four popular sites.
A snail-mail letter purporting to be from Her Majesty's household asks recipients to help Queen Elizabeth save Britain's economy from Brexit (with Bitcoin, of course).
Today's issue includes events affecting Bangladesh, Brazil, Canada, China, Germany, Iran, Ireland, Lebanon, Mexico, Netherlands, New Zealand, Pakistan, Russia, Saudi Arabia, Ukraine, United Kingdom, United States, and Vietnam.
Bring your own context.
Establishing a foothold in a network is usually valuable because that foothold enables lateral movement.
"With lateral movement, that's when you establish a single system as your - kind of your starting base, your foothold. And then, you know, based from there, you take whatever you can get off of that machine that helps you move to other systems on the network. And, you know, it's kind of the initial starting point for an attacker. But ultimately, they have some objective, whether it be intellectual property, or customer data or financial motivations. That's kind of the ground zero. And lateral movement allows them to, you know, move to other systems that gets them access to that data."
—Tim Keeler, CEO and founder of Remediant, on the CyberWire Daily Podcast, 9.26.19.
It's not so much where they are that's valuable, but where they can get from there.
Second Annual DataTribe Challenge (Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at www.datatribe.com/challenge.
Cyber Security Summits: October 3 in NYC and October 17 in Scottsdale (New York City, New York, United States, October 3, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The U.S. Department of Justice, The FBI, Google, IBM, Darktrace, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com
The 6th Annual Journal of Law and Cyber Warfare Symposium (New York, NY, United States, October 17, 2019) The 6th Annual Cyber Warfare Symposium features discussions around emerging cybersecurity issues, focusing on cyber warfare and how companies can respond to cyber-attacks. Use discount code CyberWire50 for 50% off. Email firstname.lastname@example.org for a chance to receive a complimentary ticket.
NXTWORK 2019 (Las Vegas, Nevada, United States, November 11 - 13, 2019) Join us at NXTWORK 2019 to learn, share, and collaborate with GameChangers from companies across the networking industry. This year’s event features keynotes from Juniper executives, as well as special guest speaker Earvin “Magic” Johnson, along with 40+ breakouts and master classes led by Distinguished Engineers, as well as various opportunities for certification testing and training.
Cyber Attacks, Threats, and Vulnerabilities
Hackers break into Lebanese Ministry of Finance website (Arab News) A hacker group claimed it had hacked the Lebanese Ministry of Finance’s website for about an hour on Friday afternoon. The Anonymous—LEB group, which said it had carried out the attack, addressed the Ministry through a post on its Facebook page saying: “Dear Lebanese Government: If you think we forget, you are mistaken !!! We have all ministry of finance data, to be leaked soon! WE DON’T LEAVE OUR PEOPLE
Scammers Find More Opportunities on Internet Marketplaces (Wall Street Journal) A new study of consumer behavior found that scammers are far more likely to succeed in stealing money from potential targets by using websites and social media than through the phone calls and emails they have long used.
VMware and Carbon Black Announce Extension of Tender Offer (West) VMware, Inc. (NYSE: VMW) and Carbon Black, Inc. (NASDAQ: CBLK) have announced that VMware has extended the offering period of its previously announced cash tender offer to purchase all of the outstanding shares of common stock (the “Shares”), of Carbon Black for a price of $26 per share (the “Tender Offer”).
Don’t feed the phish (Education Executive) Cyber-attacks pose a big threat to schools and many have already been targeted. Matt Britland, director of IT and digital strategy at Alleyn’s School in London, explains the importance of ensuring staff and students can identify phishing emails
6 Cyber Bills You Might Have Missed (Nextgov.com) The bills aim to strengthen the Homeland Security Department’s cybersecurity efforts and help the energy sector improve its digital defenses.
The Strange Career of ‘National Security’ (The Atlantic) When the two-word phrase became a national obsession, it turned everything from trade rules to dating apps into a potential threat to the United States.
Trump whistleblower agrees to testify in Congress (Times) The whistleblower whose complaint over a White House phone call triggered impeachment proceedings against President Trump has agreed to testify to Congress, the Democrat leading the inquiry said...
Ocasio-Cortez Set to Testify in Lawsuit Challenging Blocking of Twitter Follower (New York Law Journal) U.S. Rep. Alexandria Ocasio-Cortez, D-New York, was sued over the management of her @AOC Twitter account the same day that the 2nd U.S. Circuit Court of Appeals affirmed a trial judge's ruling that President Donald Trump violated the First Amendment by blocking people from his @realDonaldTrump Twitter account.
Most victims still not reporting cyber crimes: survey (The Daily Star) Though a year has gone by since the Digital Security Act was passed in the parliament, 80 percent of cyber crime victims do not report the cases to law enforcement agencies, according to a recent survey conducted by Cyber Crime Awareness Foundation.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Detect '19 (National Harbor, Maryland, USA, September 29 - October 2, 2019) Insights from compelling customer presentations highlighting real-world threat intelligence big data issues. Threat intelligence data is a valuable asset for security teams who unlock the value it contains.
SecureWorld Detroit (Detroit, Michigan, USA, October 1 - 2, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
Kansas City Cybersecurity Conference (Kansas City, Missouri, USA, October 3, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Australian Cyber Conference 2019 (Melbourne, Victoria, Australia, October 7 - 9, 2019) The Australian Information Security Association (AISA) is the premier industry body for information security professionals in Australia. As a nationally recognised not-for-profit organisation, AISA champions...