MVISION Insights: Move Beyond Intelligence to Insights that Empower You to Change Your Environment.
Harnessing the power of one billion threat sensors worldwide, McAfee designs security fueled by Insights. MVISION Insights enables you to move beyond intelligence and empowers you to change your environment. Identify with Machine Learning. Defend and correct with Deep Learning. Anticipate with Artificial Intelligence. Move your security out of reactive mode to a proactive posture. McAfee, the device-to-cloud cybersecurity company. Go to McAfee.com/insights to learn more.
February 6, 2020.
By the CyberWire staff
The attack Australian logistics company Toll Group sustained Sunday is ransomware, IT News reports, specifically the Mailto strain. The Australian Signals Directorate says it’s unclear whether the Mailto attacks are part of a larger campaign.
SentinelLabs reports on renewed activity against Ukrainian targets by the Gamaredon Group, a state-sponsored APT that Ukrainian security services associate with Russia’s FSB. (The FSB is generally regarded as Cozy Bear’s proprietor.) SentinelLabs sees the activity as a bellwether for future hybrid war: when kinetic fighting slows or freezes due to strategic, operational, or diplomatic pressures, expect an intensification of activity in cyberspace.
Security firm Certfa Lab is calling out Charming Kitten, the well-known Iranian APT, as the group responsible for a recent phishing campaign that spoofed a Wall Street Journal writer’s email to prospect targets for further compromise.
Cybereason found a malware campaign using Bitbucket repositories as its launching point. Atlassian's Bitbucket Support took down the affected repositories within hours of Cybereason's warning.
Iowa Democrats continue to count caucus results, with 97% of the precincts accounted for this morning. The problems at the caucus are attributed not to hacking, but to Shadow’s IowaReporterApp, which proved difficult to use and unable to transmit results correctly to state party headquarters. The emerging consensus is that IowaReporterApp was hastily put together and inadequately tested. ProPublica obtained a copy of the app and sent it to Veracode for a security assessment. Veracode found that “vote totals, passwords and other sensitive information could have been intercepted or even changed."
Today's issue includes events affecting Australia, Belarus, China, Estonia, France, Netherlands, Norway, Russia, Ukraine, United Kingdom, United States.
Bring your own context.
So you're being sued. You should delete all that discreditable stuff in your files, right? No, no, don't do that. But what if you did?
"And this rule, as - you know, they quote a retired judge here, making the statement this rule is sort of backwards. It requires that a litigant who claims the other side destroyed or didn't keep evidence - they have to prove that whatever was destroyed would have been unfavorable to the person destroying it. Now, that presents the very obvious Catch-22. How do you know it's unfavorable if that data has already been destroyed? And this is just an absolutely daunting hurdle for litigants. And usually, these litigants will have fancy, hotshot lawyers. But they're oftentimes, you know, people who use the products produced by these corporations or, you know, people alleging some sort of injury as a result of corporate action. And it's just because of this rule that's very favorable to these corporations, it's going to be much harder for those plaintiffs to seek relief."
—Ben Yelin, of the University of Maryland's Center for Health and Homeland Security, on the CyberWire Daily Podcast, 2.4.20.
OK, absence of evidence isn't evidence of absence, but c'mon, throw the plaintiff a bone.
Coming soon: CyberWire Pro.
Our new subscription program, CyberWire Pro, will be available soon. Designed for cyber security professionals and others who want to stay abreast of our rapidly evolving industry, CyberWire Pro is a premium news service that will save you time and keep you informed. Learn more and sign up to get launch updates here.
Aerospace news worthy of attention.
If you're interested in space and communications (technology, policy, business, and operations), take a look at Cosmic AES Signals & Space. Produced in partnership with the CyberWire, Signals & Space offers a monthly overview of news in this sector.
Cyber influence campaigns have plagued countries across the globe in the past few years, with foreign policy objectives, economic goals, and public opinion caught in the crossfire. LookingGlass researchers have tracked over 2000 People’s Republic of China-related influence operators on Twitter to better understand the current landscape. In our next webinar, Tom Creedon will explore these findings to gain an understanding of operator account patterns and targets. Save your seat for February 6 at 1pm ET.
And Hacking Humans is up. In this episode, "I wouldn't want my computer to be disappointed," Dave finally has good news. Joe shares a fake website created by the US Trading Commission... which doesn't exist. The catch of the day threatens FULL DATA LOSS! Later in the show, our guest is Anna Collard, founder of security content publisher Popcorn Training, a South African company that promotes cyber security awareness by using story-based techniques. Our conversation centers on the state of cyber security in Africa.
Cyber or Cleared Job Fair, February 13, San Antonio (San Antonio, Texas, United States, February 13, 2020) Cleared and non-cleared cybersecurity pros, make your next career move at the Cyber or Cleared Job Fair, February 13 in San Antonio. Meet face-to-face with leading cyber employers. Visit our site for more details.
CyCon 3.0 (Sterling, Virginia, USA, February 15, 2020) Join us at this upcoming cybersecurity event in Loudoun, VA with a full lineup of industry experts, speakers and federal contractors presenting on cutting-edge topics in the domain of cyber. This event is FREE for everyone! Register today!
RSAC 2020 (San Francisco, California, United States, February 24 - 28, 2020) Connect to the people and ideas that matter. To your growth. To your organization. At RSAC 2020, February 24 - 28, explore current and emerging trends, gain valuable skills and network with peers. Register today!
Fake Interview: The New Activity of Charming Kitten (Certfa) Certfa Lab has identified a new series of phishing attacks from Charming Kitten, the Iranian hacking group that has a close relationship with Iran’s state and intelligence services. According to our investigation, these new attacks have targeted journalists, political and human rights activists. These phishing attacks are in line with the previous activities of the group that companies like ClearSky and Microsoft have reported in detail in September and October 2019.
‘We Feel Really Terrible,’ Says CEO Whose App Roiled Iowa Caucus (Bloomberg) The chief executive of the technology company whose app threw the Iowa caucuses into disarray Monday night defended his company but apologized for a technological glitch that angered candidates, left voters baffled and upended the opening act of the 2020 Democratic presidential primary.
Emotet attacks: a spike to start the year... (Menlo Security) The Emotet malware has built a formidable infrastructure over time and can be destructive to an organization if not mitigated in a timely manner. An isolation-or-block approach ensures that all web content is considered risky and is prevented from accessing users’ devices.
New Ransomware Strain Halts Toll Group Deliveries (BleepingComputer) Australian transportation and logistics company Toll Group confirmed today that systems across multiple sites and business units were encrypted by a new variant of the Mailto ransomware.
Data leaks and hacking reports rise, Maastricht Uni comes clean on ransomware (DutchNews.nl) The Dutch data protection authority AP received more than 27,000 reports of data leaks last year, most of which came from the financial sector, the agency said on Thursday. In total, the number of leaks rose 29% on 2018, while attacks on companies and individuals involving hacking, phishing and ransomware rose 25%, the agency said. The AP suspects the true number of data leaks may be higher because not all companies report leaks, even though they are required...
The time I sabotaged my editor with ransomware from the dark web. (Bloomberg) As you may be aware, there’s money to be made on the internet. The question, of course, is how. Not everyone has the reality-distortion skills to start their own tech unicorn, or the Stanford connections to become an early employee there, or the indifference to sunlight necessary to become a world-class Fortnite gamer.
Security Patches, Mitigations, and Software Updates
Cisco Patches Critical CDP Flaws Affecting Millions of Devices (BleepingComputer) Five critical vulnerabilities found in various implementations of the Cisco Discovery Protocol (CDP) could allow attackers on the local network to take over tens of millions of enterprise devices, as discovered by IoT security company Armis.
Global Security Report: End of Year 2019 (AppRiver) In 2019, attackers continued to embrace malware distribution via URL. While the distribution of banking trojans remained popular in 2019, we also saw a notable spike in ransomware as a secondary stage of infection. Attackers continued to evolve and improve their distribution methods and have begun widely embracing Living off the Land techniques to lend validity to their malicious campaigns.
Global DDoS Threat Landscape (Imperva Resource Library) While 2019 saw the largest network and application layer attacks ever recorded, attacks were overall smaller, shorter, and more persistent. In this report, security experts from Imperva Research Labs analyze DDoS attack sizes, duration, persistence, and more.
2019 Global DDoS Threat Landscape Report (Imperva) Today Imperva Research Labs, made up of senior researchers and industry experts who have been delivering sound and valid advice for over 15 years, is releasing a brand new Global DDoS Threat Landscape Report. The report is a statistical analysis of 3,643 network layer DDoS attacks throughout 2019 and 42,390 application layer DDoS attacks mitigated …
Ransomware Attack on Hospital Shows New Risk for Muni-Bond Issuers (Yahoo) (Bloomberg) -- Hackers have finally done what bond issuers may have feared most from cyber criminals. A ransomware attack on Pleasant Valley Hospital in West Virginia was partly responsible for the hospital’s breach of its covenant agreement, according to a notice to the hospital’s bondholders from the
More data leaks, ransomware attacks reported to data protection authority (NL Times) Companies and institutions reported nearly 27 thousand data breaches to the Dutch Data Protection Authority last year, an increase of 29 percent compared to 2018. Most of the leaks came from companies in the financial sector. The number of data leaks due to cyber attacks also increased, especially in the case of ransomware, NOS reports. "We are seeing a huge increase in data breaches," Monique Verdier of the Dutch Data Protection Authority said to the broadcaster.
RSA Conference Reveals RSAC Launch Pad 2020 Participants (Yahoo) RSA® Conference, the world’s leading information security conferences and expositions, today revealed the three cybersecurity startups selected to participate in the second annual RSAC Launch Pad. The event gives early stage startups a platform to introduce their potentially groundbreaking solutions
Tenable Appoints Mark Thurmond as Chief Operating Officer (Tenable®) Global cybersecurity leader deepens executive bench with technology industry veteran. Tenable®, Inc., the Cyber Exposure company, today announced it has appointed Mark Thurmond as Chief Operating Officer (COO). In this role, Thurmond will lead Tenable’s global field operations, including sales, professional services and technical support. Thurmond’s appointment adds another layer of depth to Tenable’s executive bench as the company continues to deliver on its Cyber Exposure vision to help business executives and security teams understand and reduce cybersecurity risk.
NZ Utility Responds to National Cybersecurity Concerns (Industry Update) New Zealand energy and telecoms giant Trustpower has responded to that nation’s new Voluntary Cyber Security Standards for Industrial Control Systems (VCSS-OCS) by deploying Nozomi Networks Guardian a
My First Joyride With SILENTTRINITY (Black Hills Information Security) Jordan Drysdale // TL;DR SILENTTRINITY (ST) made the news a few times in July 2019, and I wanted to see what all the fuss was about. This article has enough information to get ST installed, the teamserver operational, and a client connected to the teamserver. Once all that is out of the way, we’ll go …
Security experts: Here’s how to prevent your company from getting hacked (HousingWire) As the Iowa caucus delays fully showed, relying on technology can be just as much of a negative as a positive. It was in that spirit that a panel of security experts told the crowd at the MBA's Independent Mortgage Bankers Conference in New Orleans that cybersecurity only works if the people using it are prepared and ready to face whatever challenges are thrown their way.
NIST Hires Symantec VP Jeff Greene to Lead NCCoE (MeriTalk) Jeff Greene, former vice president of global government affairs and policy at Symantec, began a new role as director of the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) on Feb. 3.
Bloody Trail? Chechen Blogger Is The Latest Kadyrov Critic To Die Abroad (RadioFreeEurope/RadioLiberty) A Chechen blogger was found dead with multiple stab wounds in a hotel in northern France last week. French police in Lille suspect a "political motive" in the killing of Imran Aliyev, the latest in a growing list of critics of Kremlin-backed Chechen leader Ramzan Kadyrov to have been killed or to have died abroad under suspicious circumstances. Here are some of the most prominent cases.
CIA hacker on trial for leaking data (Times) A former hacker for the CIA who is accused of betraying it by leaking a “catastrophic” amount of classified data has gone on trial in Manhattan. Joshua Schulte, 31, allegedly stole documents...
Alleged CIA Leaker Joshua Schulte Was Made Scapegoat for Being 'a Pain in the Ass,' Defense Argues (Gizmodo) Defense lawyers for former CIA software engineer Joshua Adam Schulte say that the CIA and federal prosecutors don’t actually know for certain who was behind a 2017 leak of cyber espionage documents, let alone whether it was their client, the Wall Street Journal reported on Tuesday. Instead, they said he really pissed off the entire CIA, making him a natural scapegoat for their incompetence.
CIA worker: Massive 2017 leak ‘was crippling’ to the agency (Washington Post) A CIA computer engineer testified at the espionage trial of a former CIA employee on Wednesday that the 2017 leak of thousands of pages of documents “was crippling” to the agency and turned his office into an FBI crime scene.
Convicted Norwegian spy: intel agencies are ‘amateurish’ (Washington Post) A retired Norwegian border inspector, who was convicted in Russia for spying and who was returned home last year in a spy swap, lashed out Wednesday at the Scandinavian country’s intelligence services for using local people, saying they are “amateurish.”
Second lawsuit filed over DCH ransomware attack (Washington County News/Holmes County Times-Advertiser) Three more DCH patients have filed a federal class-action lawsuit against the healthcare system, saying the ransomware attack that crippled operations in
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
CPX 360 Vienna (Vienna, Austria, February 4 - 6, 2020) At CPX 360, you’ll gain an in-depth understanding of today’s dynamic threat landscape and the emerging challenges within cyber security. Get a look at the next wave of Check Point innovation and discover...
2020 OurCrowd Global Investor Summit (Jerusalem, Israel, February 11 - 13, 2020) We’re expanding the Summit to three days! Invite-only events will take place February 11-12, with Summit Day on February 13. Summit Week will be packed as ever, with corporate meet ups, VC forums, insider...
CyCon 3.0 (Sterling, Virginia, USA, February 15, 2020) Our 3rd Annual NOVA CyCon event in Loudoun has a full lineup of cybersecurity experts, speakers and federal contractors presenting on cutting-edge topics! Networking, free lunch and refreshments, door...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.