February 3, 2020.
By the CyberWire staff
Dragos this morning publicly released its full report on the EKANS ransomware that has recently afflicted industrial control systems. (EKANS is referred to as “SNAKE” in some sources, “EKANS” being “SNAKE” spelled backwards.)
Australia’s Toll Group, a logistics company that operates a fleet of seven cargo ships, has shut down some systems while it investigates and recovers from a suspected cyberattack, according to industry publication Splash 24/7.
As usually happens with any news story that achieves widespread circulation and considerable penetration into popular consciousness, the coronavirus epidemic continues to be used as phishbait to spread malware. TechRepublic, citing research by both Kaspersky and IBM’s X-Force, reports that emails circulating in Japan and purporting to be from a disability welfare service provider are serving as an infection vector. The inducement to open a malicious Word document attached to the email is the false report that the virus has broken out in three Japanese prefectures.
The Iowa caucuses are the first round in the US Presidential primaries, and they meet today. Although, as Politico notes, caucus voting is lower-tech than it will be in other contests, Iowa affords the first look at how 2020’s vote will proceed in the face of expected cyber disruption.
The state of West Virginia intends to make casting a ballot by smartphone an option for disabled voters this year, NBC News reports.
Mondaq says that the city of Chicago’s lawsuit against Marriott over the hotel chain’s 2018 data breach has survived a motion to dismiss.
Today's issue includes events affecting Australia, Bolivia, Canada, China, Russia, Saudi Arabia, Switzerland, United Kingdom, United States.
Bring your own context.
Growing in comparison to account takeover in the black market: access-as-a-service.
"So one of the things that we're tracking here that we've been tracking for a while is the way that services are developing in criminal marketplaces. We're all familiar with account takeover. We know that credentials are being sold and marketed for fraudsters to then go take over accounts themselves. But there's something that's been developing over the last couple of years and over the past few months in particular that I'm thinking of as access as a service. So instead of having credentials to go take over an account yourself, for example, a vendor might offer what is essentially a value-added service - so saying, hey; what are you trying to do? Can I do that for you? Can I get you there with some additional benefits or resources that I have on my end so you can enjoy all of the fruits of the labor without taking on the risk yourself? ...I think it's interesting to see what sort of brands are appearing for these kinds of services, you know, what sort of brands that have points or status or, you know, loyalty rewards are then trickling over, are then generating demand in these criminal communities. We've seen it for a long time with things like beauty brands that have points, but then airlines and hotels are a natural next step."
—Emily Wilson, VP of research at Terbium Labs, on the CyberWire Daily Podcast, 1.31.20.
The crooks have always been interested in helping people get comped.
Suits & Spooks (Washington, DC, United States, February 6 - 7, 2020) Suits & Spooks DC is the only international security summit where the attendees and speakers from government agencies and technology companies engage in discussion and debate of security challenges. World-class speakers describe their vision of future threats and leading-edge companies will exhibit novel solutions. Get 15% off with discount code cyberwire15.
Cyber or Cleared Job Fair, February 13, San Antonio (San Antonio, Texas, United States, February 13, 2020) Cleared and non-cleared cybersecurity pros make your next career move at the Cyber or Cleared Job Fair, February 13 in San Antonio. Meet face-to-face with leading cyber employers. Visit our site for more details.
RSAC 2020 (San Francisco, California, United States, February 24 - 28, 2020) Connect to the people and ideas that matter. To your growth. To your organization. At RSAC 2020, February 24 – 28, explore current and emerging trends, gain valuable skills and network with peers. Register today!
Cyber Attacks, Threats, and Vulnerabilities
EKANS Ransomware and ICS Operations (Dragos) EKANS ransomware emerged in mid-December 2019, and Dragos published a private report to Dragos WorldView Threat Intelligence customers early January 2020.
Bad Rabbit Ransomware (KnowBe4) Bad Rabbit first appeared in October of 2017 with a worldwide campaign targeting organizations in Russia, Ukraine and the U.S. Investigators now believe the ultimate goal was not ransom, but gaining undetected access and maintaining it long term.
Remote Cloud Execution - Critical Vulnerabilities in Azure Cloud Infrastructure (Part II) (Check Point Research) Research by Ronen Shustin. In the previous part we talked about the Azure Stack architecture and mentioned that it can be extended with features that are not part of its core. Using the ability to research cloud components offline, we took this opportunity to research Azure App Service. In this part,...
Detecting Citrix CVE-2019-19781 (CISA) Unknown cyber network exploitation (CNE) actors have successfully compromised numerous organizations that employed vulnerable Citrix devices through a critical vulnerability known as CVE-2019-19781. Though mitigations were released on the same day Citrix announced CVE-2019-19781, organizations that did not appropriately apply the mitigations were likely to be targeted once exploit code began circulating on the internet a few weeks later.
Toll Group shuts down several systems after suspected cyber attack (Splash 247) Australian transport and logistics company Toll Group has had to shut down a number of systems in response to a suspected cyber security incident. The company said it is investigating the cause of the incident. “We expect several Toll customer-facing applications to be impacted as a result. Our immediate priority is to resume services to …
Why You Don’t Need to Be Bezos to Worry About Spyware (Washington Post) The news that an iPhone owned by Amazon.com Chief Executive Officer Jeff Bezos had been hacked prompted widespread speculation about how it happened and whether the Saudi crown prince may have been involved, as some investigators have alleged. But it also led many people to wonder whether their own phone might be turned against them.
Huawei’s Catch-22 (The Commentator) On January 24th, the U.S. Commerce Department’s plan to further limit trade with Chinese tech giant Huawei (pronounced Wah-Way) was thwarted with the Pentagon opposing the ruling. At first glance, the headline seems confusing and conflicting as the Pentagon had been fighting tooth and nail to try to limit Huawei’s presence in the U.S — …
Fortinet’s FortiWeb Cloud Powers Continent 8’s New WAF-as-a-Service Offering (Globe Newswire) Continent 8 Technologies, a leading provider for managed hosting, networking, security, and cloud infrastructure managed services, today unveiled its new Cloud WAF product powered by Fortinet’s FortiWeb Cloud. Combined with Fortinet’s solution, Continent 8’s Cloud WAF secures their customers’ applications, no matter where they are hosted.
How to avoid the mistakes made in the UN data breach (TechRepublic) Falling prey to a hacker because it neglected to properly patch its systems, the United Nations also failed to publicly disclose the hack. Here's how your organization can avoid the same mistakes.
Europe shows it will not blindly do US bidding (China Daily) The Tuesday decision by the British government led by Prime Minister Boris Johnson to allow Huawei to participate in the country's 5G network has dealt a major blow to those in Washington who have been hysterically trying to pressure and intimidate the United States' allies to exclude the Chinese telecommunications giant.
Pentagon finalizes first set of cyber standards for contractors (Fifth Domain) The Pentagon has finalized the long anticipated cybersecurity standards contractors will have to follow before winning contracts from the Department of Defense, a new process called the Cybersecurity Maturity Model Certification (CMMC) 1.0.
The military's contractor cyber standards are officially here (FedScoop) The Pentagon issued the final standards under the Cybersecurity Maturity Model Certification (CMMC) on Friday. Version 1.0 marks the first step towards implementing the new cybersecurity standards into all Defense Department contracts. The model, consisting of five levels of security standards, will be phased into requests for information starting this summer. The vast majority of contractors that work …
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
CPX 360 Vienna (Vienna, Austria, February 4 - 6, 2020) At CPX 360, you’ll gain an in-depth understanding of today’s dynamic threat landscape and the emerging challenges within cyber security. Get a look at the next wave of Check Point innovation and discover...
5th Annual Atlanta Cyber Security Summit (Atlanta, Georgia, USA, February 5, 2020) C-Suite & Senior Level Executives: Register with Promo Code CYBERWIRE95 to receive $95 Admission (Standard Price is $350). Learn from renowned experts from The FBI, U.S. Secret Service, U.S. Dept. of Homeland...
2020 OurCrowd Global Investor Summit (Jerusalem, Israel, February 11 - 13, 2020) We’re expanding the Summit to three days! Invite-only events will take place February 11-12, with Summit Day on February 13. Summit Week will be packed as ever, with corporate meet ups, VC forums, insider...