
More signal. Less noise.

MVISION Insights: Move Beyond Intelligence to Insights that Empower You to Change Your Environment.

Harnessing the power of one billion threat sensors worldwide, McAfee designs security fueled by Insights. MVISION Insights enables you to move beyond intelligence and empowers you to change your environment. Identify with Machine Learning. Defend and correct with Deep Learning. Anticipate with Artificial Intelligence. Move your security out of reactive mode to a proactive posture. McAfee, the device-to-cloud cybersecurity company. Go to McAfee.com/insights to learn more.

Daily briefing.

Dragos this morning publicly released its full report on the EKANS ransomware that has recently afflicted industrial control systems. (EKANS is referred to as “SNAKE” in some sources, “EKANS” being “SNAKE” spelled backwards.)

Australia’s Toll Group, a logistics company that operates a fleet of seven cargo ships, has shut down some systems while it investigates and recovers from a suspected cyberattack, according to industry publication Splash 24/7.

As usually happens with any news story that achieves widespread circulation and considerable penetration into popular consciousness, the coronavirus epidemic continues to be used as phishbait to spread malware. Tech Republic, citing research by both Kaspersky and IBM’s X-Force, reports that emails circulating in Japan and purporting to be from a disability welfare service provider are serving as an infection vector. The inducement to open a malicious Word document attached to the email is the false report that the virus has broken out in three Japanese prefectures.

The Iowa caucuses are the first round in the US Presidential primaries, and they meet today. Although, as Politico notes, caucus voting is lower-tech than it will be in other contests, Iowa affords the first look at how 2020’s vote will proceed in the face of expected cyber disruption.

The state of West Virginia intends to make casting a ballot by smartphone an option for disabled voters this year, NBC News reports.

Mondaq says that the city of Chicago’s lawsuit against Marriott over the hotel chain’s 2018 data breach has survived a motion to dismiss. 

Notes.

Today's issue includes events affecting Australia, Bolivia, Canada, China, Russia, Saudi Arabia, Switzerland, United Kingdom, United States.

Bring your own context.

Growing in comparison to account takeover in the black market: access-as-a-service.

"So one of the things that we're tracking here that we've been tracking for a while is the way that services are developing in criminal marketplaces. We're all familiar with account takeover. We know that credentials are being sold and marketed for fraudsters to then go take over accounts themselves. But there's something that's been developing over the last couple of years and over the past few months in particular that I'm thinking of as access as a service. So instead of having credentials to go take over an account yourself, for example, a vendor might offer what is essentially a value-added service - so saying, hey; what are you trying to do? Can I do that for you? Can I get you there with some additional benefits or resources that I have on my end so you can enjoy all of the fruits of the labor without taking on the risk yourself? ...I think it's interesting to see what sort of brands are appearing for these kinds of services, you know, what sort of brands that have points or status or, you know, loyalty rewards are then trickling over, are then generating demand in these criminal communities. We've seen it for a long time with things like beauty brands that have points, but then airlines and hotels are a natural next step."

—Emily Wilson, VP of research at Terbium Labs, on the CyberWire Daily Podcast, 1.31.20.

The crooks have always been interested in helping people get comped.

Coming soon: CyberWire Pro.

Our new subscription program, CyberWire Pro, will be available soon. Designed for cyber security professionals and others who want to stay abreast of our rapidly evolving industry, CyberWire Pro is a premium news service that will save you time and keep you informed. Learn more and sign up to get launch updates here.

Aerospace news worthy of attention.

If you're interested in space and communications (technology, policy, business, and operations), take a look at Cosmic AES Signals & Space. Produced in partnership with the CyberWire, Signals & Space offers a monthly overview of news in this sector.

Investigating China’s Disinformation Campaigns

Cyber influence campaigns have plagued countries across the globe in the past few years, with foreign policy objectives, economic goals, and public opinion caught in the crossfire. LookingGlass researchers have tracked over 2000 People’s Republic of China-related influence operators on Twitter to better understand the current landscape. In our next webinar, Tom Creedon will explore these findings to gain an understanding of operator account patterns and targets. Save your seat for February 6 at 1pm ET.

In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at the Johns Hopkins University Information Security Institute, as Joe Carrigan shares reactions to ransomware legislation proposed in Maryland.

Suits & Spooks (Washington, DC, United States, February 6 - 7, 2020) Suits & Spooks DC is the only international security summit where the attendees and speakers from government agencies and technology companies engage in discussion and debate of security challenges. World-class speakers describe their vision of future threats and leading-edge companies will exhibit novel solutions. Get 15% off with discount code cyberwire15.

Cyber or Cleared Job Fair, February 13, San Antonio. (San Antonio, Texas, United States, February 13, 2020) Cleared and non-cleared cybersecurity pros make your next career move at the Cyber or Cleared Job Fair, February 13 in San Antonio. Meet face-to-face with leading cyber employers. Visit our site for more details.

RSAC 2020 (San Francisco, California, United States, February 24 - 28, 2020) Connect to the people and ideas that matter. To your growth. To your organization. At RSAC 2020, February 24 – 28, explore current and emerging trends, gain valuable skills and network with peers. Register today!

Cyber Attacks, Threats, and Vulnerabilities

EKANS Ransomware and ICS Operations (Dragos) EKANS ransomware emerged in mid-December 2019, and Dragos published a private report to Dragos WorldView Threat Intelligence customers early January 2020.

How an Army vet became the ‘Cyber Rambo’ in an alleged Bolivian coup (Army Times) Suarez created an algorithm to do automated retweets.

Tech Support Scam Hitting Microsoft Edge Start Page Takes a Break (BleepingComputer) A sophisticated browser locker campaign that ran on high-profile pages, like Microsoft Edge's home or popular tech sites, was deactivated this week after in-depth research was published.

Bad Rabbit Ransomware (KnowBe4) Bad Rabbit first appeared in October of 2017 with a worldwide campaign targeting organizations in Russia, Ukraine and the U.S. Investigators now believe the ultimate goal was not ransom, but gaining undetected access and maintaining it long term.

Watch Out for Coronavirus Phishing Scams (Wired) At least one email campaign is preying on fears by claiming to offer info about the Wuhan coronavirus.

Hackers using coronavirus scare to spread Emotet malware in Japan (TechRepublic) Cybercriminals are using global fears about the virus to spread the Emotet trojan.

Remote Cloud Execution - Critical Vulnerabilities in Azure Cloud Infrastructure (Part II) (Check Point Research) Research by Ronen Shustin. In the previous part we talked about the Azure Stack architecture and mentioned that it can be extended with features that are not part of its core. Using the ability to research cloud components offline, we took this opportunity to research Azure App Service. In this part,...

Devious Spamhaus Phishing Scam Warns You're on an Email Block List (BleepingComputer) A new phishing campaign distributing malware pretends to be from the Spamhaus Project warning that the recipient's email address has been added to a spam block list due to sending unsolicited email.

Detecting Citrix CVE-2019-19781 (CISA) Unknown cyber network exploitation (CNE) actors have successfully compromised numerous organizations that employed vulnerable Citrix devices through a critical vulnerability known as CVE-2019-19781.[1] Though mitigations were released on the same day Citrix announced CVE-2019-19781, organizations that did not appropriately apply the mitigations were likely to be targeted once exploit code began circulating on the internet a few weeks later.

Twitter Removes GOP-Run Account That Impersonated Democrat (Wall Street Journal) The social-media platform took down an account run by the state Republican Party that was named after Democratic gubernatorial candidate Dan Feltes and posted content attacking him.


Texas PUC website 'defaced' in low-level attack as state inks new cybersecurity contract (Utility Dive) While the hacker claimed to be Iranian, state officials say they have no evidence of a link to the Middle Eastern nation.

Access Health reports over 1,000 consumers’ information compromised in data breach (FOX 61) Access Health CT reported that around 1,100 consumers' personal information may have been compromised in a data breach.

Pennsylvania hospital investigates payroll system data breach (Beckers Hospital Review) Meadville (Pa.) Medical Center began notifying employees Jan. 23 about a data breach within its payroll system, according to the Meadville Tribune. 

Toll Group shuts down several systems after suspected cyber attack - (Splash 247) Australian transport and logistics company Toll Group has had to shut down a number of systems in response to a suspected cyber security incident. The company said it is investigating the cause of the incident. “We expect several Toll customer-facing applications to be impacted as a result. Our immediate priority is to resume services to …

College campuses in Dundee and Angus to close for a day following Friday cyber attack (The Courier) All Dundee and Angus college campuses will be closed on Monday following a cyber attack.

Cyber attack takes down high school district's server and phone system (Mountain View Voice) The Mountain View-Los Altos High School District was the victim of a ransomware attack Wednesday that took down the phone system and blocked access to files stored on the district's server.

St. Landry School Board members updated on system restoration after cyber attack (KATC) Weeks after a cyber attack crippled computers within the St. Landry school system, officials were updated on the restoration progress.

LifeLabs data breach may impact almost everyone in B.C. (Castanet) New evidence shows 4.7 million people in B.C. may have had their privacy breached following a hack at LifeLabs.

Travelex recovers UK website after ransomware hit (Reuters) Travelex said it had partially restored its UK website, almost a month after a c...

Arizona Department of Education release unwittingly reveals student data (Tucson Sentinel) The Arizona Department of Education has asked a Phoenix reporter to destroy records it sent him that later revealed parent names and account information of more than 7,000 students in the Empowerment Scholarship Account program.

List of data breaches and cyber attacks in January 2020 – 1.5 billion records breached (IT Governance UK Blog) The first month of the new decade began with 61 data breaches and cyber attacks accounting for 1,505,372,820 compromised records.

Cyber Trends


Why You Don’t Need to Be Bezos to Worry About Spyware (Washington Post) The news that an iPhone owned by Amazon.com Chief Executive Officer Jeff Bezos had been hacked prompted widespread speculation about how it happened and whether the Saudi crown prince may have been involved, as some investigators have alleged. But it also led many people to wonder whether their own phone might be turned against them.

Marketplace

Iran, Bezos and 2020 elections: Cybersecurity firms are in demand this year (CNN) As US officials braced for a possible Iranian cyberattack this month following the killing of top military general Qasem Soleimani, a trio of cybersecurity companies ventured to Capitol Hill.

Could the Coronavirus outbreak create a global electronics shortage? (The Telegraph) At the end of the lunar new year, millions of Chinese workers who travel across the country to visit family return to manufacturing hubs like Shenzhen, Ningbo and Guangzhou.

Huawei’s Catch-22 - The Commentator (The Commentator) On January 24th, the U.S. Commerce Department’s plan to further limit trade with Chinese tech giant Huawei (pronounced Wah-Way) was thwarted with the Pentagon opposing the ruling. At first glance, the headline seems confusing and conflicting as the Pentagon had been fighting tooth and nail to try to limit Huawei’s presence in the U.S — …

Maryland Lt.-Gov. recruiting Israeli hi-tech companies to his state (The Jerusalem Post) Rutherford presented at Cybertech and then he and his team met with several promising Israeli companies

Products, Services, and Solutions

Fortinet’s FortiWeb Cloud Powers Continent 8’s New WAF-as-a-Service Offering (Globe Newswire) Continent 8 Technologies, a leading provider for managed hosting, networking, security, and cloud infrastructure managed services, today unveiled its new Cloud WAF product powered by Fortinet’s FortiWeb Cloud. Combined with Fortinet’s solution, Continent 8’s Cloud WAF secures their customers’ applications, no matter where they are hosted.

DigiCert launches two new PKI tools to provide fast, flexible PKI deployment (Help Net Security) DigiCert, the world’s leading provider of TLS/SSL, IoT and PKI solutions, announced two new PKI tools: IoT Device Manager and Enterprise PKI Manager.

Technologies, Techniques, and Standards

How to avoid the mistakes made in the UN data breach (TechRepublic) Falling prey to a hacker because it neglected to properly patch its systems, the United Nations also failed to publicly disclose the hack. Here's how your organization can avoid the same mistakes.

2020’s first election security test: Iowa (POLITICO) The nation’s first caucuses Monday may be almost as low-tech as it gets, but it still faces threats from hackers.

Iowa Will Be the First Test Case for 2020 Election Security (New York Times) The good news is that caucuses are inherently safer than traditional elections. But campaigns remain dangerously exposed to hackers, and election systems in many states are still vulnerable.

Iowa Caucuses to Be Testing Ground for Efforts to Protect Voting From Hackers (Wall Street Journal) With Iowans kicking off the 2020 presidential election season, there is also a race to protect voting from cyberattacks and other intrusions.

John Odum: Newest elections technology might not be the best (Vermont Digger) Using technology to make improvements in our lives is obviously a good thing so long as we answer a fundamental question: Is it the right tool for the right job.

Election Officials Get Training Before 2020 Voting Begins (EDGE Media Network) When state election officials gathered ahead of the last presidential election, major topics were voter registration, identity theft and ballot design. This year, the main theme is election security.

A Framework for Measuring InfoSec as a Business Function (Security Magazine) In my December column, I ended with the observation that many CISOs struggle when it comes to first determining and then actually communicating the business value of the security options out there.

Research and Development

Explained: The Artificial Intelligence Race is an Arms Race (The National Interest) Whoever wins it will have an advantage in every conflict around the world.

Legislation, Policy, and Regulation

Financial tech firms disagree on ban of customer data screen-scraping (Naked Security) They use it to offer things like budgeting apps. It puts passwords and privacy at risk, but some say they can’t afford to build APIs instead.

US upping pressure on Switzerland to drop Huawei technology (SWI swissinfo.ch) US authorities have contacted the Swiss foreign ministry several times in recent weeks to raise concerns about espionage and the Chinese technology.

BT will build UK’s emergency network using Huawei kit despite security concerns (The Telegraph) BT will use Huawei kit to build a telecoms network for Britain’s emergency services despite government advice that it could pose a security threat.

Britain Knows It's Selling Out Its National Security to Huawei (Foreign Policy) London’s justification for cooperating with the Chinese telecommunications company is riddled with obvious contradictions.


Europe shows it will not blindly do US bidding (China Daily) The Tuesday decision by the British government led by Prime Minister Boris Johnson to allow Huawei to participate in the country's 5G network has dealt a major blow to those in Washington who have been hysterically trying to pressure and intimidate the United States' allies to exclude the Chinese telecommunications giant.

Pentagon finalizes first set of cyber standards for contractors (Fifth Domain) The Pentagon has finalized the long anticipated cybersecurity standards contractors will have to follow before winning contracts from the Department of Defense, a new process called the Cybersecurity Maturity Model Certification (CMMC) 1.0.

The military's contractor cyber standards are officially here (FedScoop) The Pentagon issued the final standards under the Cybersecurity Maturity Model Certification (CMMC) on Friday. Version 1.0 marks the first step towards implementing the new cybersecurity standards into all Defense Department contracts. The model, consisting of five levels of security standards, will be phased into requests for information starting this summer. The vast majority of contractors that work …

US Interior Dept extends drone grounding over foreign hacking fears (Naked Security) The DOI has doubled down on a previous order, keeping the agency’s drones grounded for another 30 days for a more in-depth security review.


West Virginia plans to make smartphone voting available to disabled people for 2020 election (NBC News) Cybersecurity experts have long railed against voting apps, saying that any kind of online voting unnecessarily increases security risks.

Litigation, Investigation, and Law Enforcement

Data Breach Litigation Preparation: What should organizations consider when notifying consumers of a data breach? (Lexology) As of January 1, 2020, California became the first state to permit residents whose personal information is exposed in a data breach to seek statutory…

AIG must cover client's $5.9 million in cyber-related losses, judge rules (CyberScoop) Insurance giant AIG must cover nearly $6 million in losses for a client that was fleeced by an email scam carried out by suspected Chinese hackers, a federal court has decided.

Senator asks intelligence community to look into Jeff Bezos phone hacking (Federal News Network) After one of the world’s wealthiest individuals had his phone hacked, Connecticut Sen. Chris Murphy wants intelligence agencies to investigate.

New Senate Intel report on Russia's election interference expected next week (TheHill) A new bipartisan report from the Senate Intelligence Committee on Russia's election interference is expected to be released next week, lawmakers said Friday.

Raytheon engineer arrested for taking US missile defense secrets to China (Quartz) The case revolves around a laptop on the lam.

Carriers ‘violated federal law’ by selling your location data, FCC tells Congress (TechCrunch) More than a year and a half after wireless carriers were caught red-handed selling the real-time location data of their customers to anyone willing to pay for it, the FCC has determined that they committed a crime. An official documentation of exactly how these companies violated the law is forthco…

FCC Confirms 'One or More' Carriers Broke the Law Selling Location Data (Vice) One year later, FCC boss Ajit Pai suggests one or more major carriers could be fined.


Lindsey Graham: Senate Intelligence Committee will call Ukraine whistleblower (Washington Examiner) The Senate Intelligence Committee plans to call the whistleblower whose complaint was the impetus for impeachment proceedings against President Trump, according to a top Republican senator.

National security adviser Robert O'Brien "very confident" NSC didn't leak Bolton manuscript (CBS News) "I am very confident that the leaks of that book did not come from the NSC," the national security adviser told CBS News' "Face the Nation."

Men arrested on suspicion of connection with €13m cyber-attack on Malta bank (The Irish Times) North’s National Crime Agency boss says ‘large amount’ of proceeds ‘funnelled through bank account in Belfast’

Canadian insurer paid for ransomware decryptor. Now it's hunting the scum down (Register) A curious tale of Bitcoin exchanges and the High Court

Craigslist ad led agents to Navy tech’s stash of child porn: feds (New York Post) A US Navy information systems technician who posted an explicit Craigslist ad looking for sex with a “young” girl has been busted for child porn.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

CPX 360 Vienna (Vienna, Austria, February 4 - 6, 2020) At CPX 360, you’ll gain an in-depth understanding of today’s dynamic threat landscape and the emerging challenges within cyber security. Get a look at the next wave of Check Point innovation and discover...

5th Annual Atlanta Cyber Security Summit (Atlanta, Georgia, USA, February 5, 2020) C-Suite & Senior Level Executives: Register with Promo Code CYBERWIRE95 to receive $95 Admission (Standard Price is $350). Learn from renowned experts from The FBI, U.S. Secret Service, U.S. Dept. of Homeland...

Suits & Spooks, 10th Anniversary: Taking Ownership of the Future of our Security (Washington, DC, USA, February 6 - 7, 2020) Suits & Spooks DC is the only international security summit where the attendees and speakers engage in discussion and debate of cyber/physical security challenges over the course of two days. World-class...

Meeting To Discuss Insider Threat Detection On Computer Systems & Networks (Laurel, Maryland, USA, February 11, 2020) The National Insider Threat Special Interest Group will hold a meeting to discuss the findings of a workshop that was held in 2019. The workshop was done in partnership with the University of Maryland’s...

2020 OurCrowd Global Investor Summit (Jerusalem, Israel, February 11 - 13, 2020) We’re expanding the Summit to three days! Invite-only events will take place February 11-12, with Summit Day on February 13. Summit Week will be packed as ever, with corporate meet ups, VC forums, insider...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.