January 6, 2020.
By the CyberWire staff
The news as it’s developed over the weekend centers on heightened tension between the US and Iran in the wake of attacks against US forces in Iran and the US retaliation that killed Iranian Major General Suleimani. Iran has promised retribution, and many believe that such retribution is likely to include a heavy cyber component. The Washington Post has a summary of such predictions, and Fifth Domain offers an account of what Iranian cyber campaigns might look like.
That’s also the official view of the US Department of Homeland Security. Cybersecurity and Infrastructure Security Agency Director Krebs tweeted a warning and a recommendation that enterprises brush up on Iranian cyber tactics, techniques, and procedures: “pay close attention to your critical systems, particularly ICS.”
A great deal of Twitter traffic associated with Tehran has organized itself around the pre-existing hashtags #HardRevenge and #DeathToAmerica, as CyberScoop, citing Atlantic Council studies, reports.
There’s also been one minor attack on a US Government website that would seem to represent the work of either Tehran’s operators or of patriotic hacktivists aligned with Iran. The website of the US Federal Depository Library Program was defaced with Iranian messaging, Forbes and others report. The Department of Homeland Security is investigating. The affected site was probably a target of opportunity, hacked because it was hackable.
The Wall Street Journal says that Britain’s GCHQ is investigating the possibility that a London Stock Exchange outage in August, regarded as an accidental glitch, may have in fact been a cyber attack.
Today's issue includes events affecting Australia, Austria, Canada, China, Iraq, Iran, NATO/OTAN, Qatar, Russia, United Kingdom, United States.
Bring your own context.
Artificial intelligence and machine learning are things almost all security companies talk about. What's the current state of play, buzzwords aside?
"So backing up around two to five years ago in cybersecurity, most applications of AI have been antivirus-driven: machine learning models that have been put in place specifically to recognize malicious code patterns, to be able to recognize that, push out signatures to block those, right? That's been a traditional approach to AI. It's been a monolithic model, meaning that it's cloud-based. So it's basically one learning node where all the viruses will feed in. And you can, through that model, do the processing, and then push out some sort of decisive pattern to other organizations where those security appliances sit to be able to act on that."
So code-blocking and antivirus represent the first generation of AI. What about the second?
"What I'm seeing is basically, the second generation is extended reach to those learning-modeled nodes. So instead of just having this monolithic brain, if you will, in the cloud that's doing all the processing and that's relying on everything to input into it, we're seeing now extended reach in the second generation of AI, which is a regional learning system, right? So you have - now you have - you're basically extending the same success that you've had from machine learning models of the cloud and putting them onto on premises - so regional sites, you know, different verticals, different environments, different nodes of inspection for traffic, different types of traffic. All of this now is entering into the second generation of AI, where those regional learning nodes extend into the cloud. So now they're also collecting data and feeding the cloud based off of its learned results, right? So then the cloud model can still take that extra input from these regional brains, do some additional processing and crunching, and then distribute that out to security appliances."
And a third generation?
"In the future, I believe that we're going to get into this federated machine learning models, where you have different devices doing their own machine learning, but peer-to-peer, so talking to each other and being able to pass data so it's much quicker and then actually, you know, be able to act on that data. So it's like a regionalized response completely on premises, so more of a distributed AI as a system model. That's going to allow for a lot of fascinating cases, I think. Obviously, you'll have much quicker response, which is, by the way, incredibly important because I often talk about the weaponization of artificial intelligence, how attackers are going to be able to leverage AI to, you know, get in and out of networks much quicker."
—Derek Manky, chief of security insights and global threat alliances at Fortinet, on the CyberWire Daily Podcast, 1.3.20.
Iran Will Wage Insurgency in U.S. Cyberspace, VMware's Kellermann Says (Bloomberg) Tom Kellermann, VMware head of cybersecurity strategy, and Bloomberg's Kartikay Mehrotra discuss Iran's cyber capabilities amid possible retaliation for a U.S. airstrike that killed one of Iran’s most powerful generals. They speak with Bloomberg's Taylor Riggs on "Bloomberg Technology."
U.S. Government Issues Warning About Possible Iranian Cyberattacks (BleepingComputer) Christopher C. Krebs, Director of Cybersecurity and Infrastructure Security Agency issued a warning about a potential new wave of Iranian cyber-attacks targeting U.S. assets after Maj. Gen. Qassim Suleimani was killed by a U.S. airstrike at the Baghdad airport in Iraq.
DHS Releases NTAS Bulletin (CISA) Today, Acting Secretary of Homeland Security Chad Wolf reissued the NTAS bulletin pertaining to the terror threat to the U.S. homeland. Upfront, you should know that: “At this time there is no specific, credible threat against the homeland.” You can read the new, entire bulletin at National Terrorism Advisory System Bulletin - January 4, 2020.
Iranian cyberattacks feared after killing of top general (Star Tribune) Iran's retaliation for the United States' targeted killing of its top general is likely to include cyberattacks, security experts warned Friday. Iran's state-backed hackers are already among the world's most aggressive and could inject malware that triggers major disruptions to the U.S. public and private sector.
Wall Street braces for cyberattacks from Iran (Crain's New York Business) In February 2014, Las Vegas Sands Corp.'s computers were attacked by Iranian hackers after the casino company’s CEO, Sheldon Adelson, suggested the U.S. attack Iran with a nuclear missile. Credit card, Social Security and drivers’ license data was compromised or stolen for people who…
Cyber security after Soleimani assassination - FireEye (Trade Arabia) The US assassination of Qassem Soleimani has increased the likelihood that a decade of cyber-hostilities between the US and Iran could escalate into true cyberwarfare, said FireEye, a global cyber security solutions provider.
Apparent Pro-Iran Hackers Deface Federal Library Program Site (NBC4 Washington) The website for a federal library program was hacked by an apparent pro-Iranian group late Saturday night, officials said. A spokesperson for the U.S. Government Publishing Office (GPO) said an intrusion was detected on the website for the Federal Depository Library Program and that the site was later taken down. There is no confirmation yet that Iranian state-sponsored actors were behind the hack, a Department of Homeland Security spokesperson said.
How Deepfakes Make Disinformation More Real Than Ever (Bloomberg) One video shows Barack Obama using an obscenity to refer to U.S. President Donald Trump. Another features a different former president, Richard Nixon, performing a comedy routine. But neither video is real...
DeathRansom Ransomware Can Actually Encrypt Files Now (Fossbytes) DeathRansom ransomware was first reported in November 2019 but it was considered a joke until recently. According to cyber-security firm Fortinet [1,2], DeathRansom is now capable of encrypting files using a solid encryption scheme.
FBI Warns of Maze Ransomware Focusing on U.S. Companies (BleepingComputer) Organizations in the private sector received an alert from the F.B.I. about operators of the Maze ransomware focusing on companies in the U.S. to encrypt information on their systems after stealing it first.
Penn State community reminded to be on alert for phishing email scams (Penn State University) Penn State’s Office of Information Security has detected an increased volume of phishing email attacks against University employees in recent weeks. Specifically, attackers are sending emails that appear to be from Penn State users, primarily co-workers who are asking victims to purchase gift cards worth hundreds of dollars from places like Target, Amazon and Google Play with a promise that the employees will be reimbursed.
Widespread fears of a new draft crashed the Selective Service website (Military Times) “Due to the spread of misinformation, our website is experiencing high traffic volumes at this time. If you are attempting to register or verify registration, please check back later today as we are working to resolve this issue. We appreciate your patience.”
Security Patches, Mitigations, and Software Updates
Microsoft Products Reaching End of Life in 2020 (BleepingComputer) Several major Microsoft products will reach their end of support during 2020, with Office 2010, Visual Studio 2010, Windows 7, Windows Server 2008 (including 2008R2), and multiple Windows 10 versions including 1803 and 1903 being some of the most important ones.
Five cyber risks that will define 2020 (Help Net Security) Only 26% of CISOs indicated that their company was ready to respond to a cyber threat. Here are five cyber risks that will endanger company data in 2020.
Tomorrow is Good: The professor and the hacker (Innovation Origins) It was the day before Christmas when the professor's phone rang. The screen said "anonymous", with a small a. That could only mean one thing. "Hacker!" said the professor. "Professor!" replied the
Dell Selling RSA? ‘There May Be No Better Time’ (Channel Futures) According to PE Hub, Dell Technologies has hired Morgan Stanley to sell RSA for at least $3 billion. RSA has more than 30,000 customers globally, and its channel partners include VARs, distributors, systems integrators and consulting firms.
Trump’s Iran Policy Spirals Toward Control (Bloomberg Opinion via Yahoo News) The U.S. airstrike that killed Qassem Soleimani, head of Iran's Revolutionary Guard Quds Force, and Abu Mahdi al-Muhandis, a leader of Iranian-backed militias in Iraq, was not simply a sharp departure in the Trump administration’s policy toward Tehran. It also marks a larger
Telecoms security bill may exclude Huawei from Estonian market, firm says (ERR) Chinese mobile phone giant Huawei has written to interior minister Mart Helme (EKRE) in opposition to a bill requiring greater security checks on its devices and software. The company says that the bill – which concerns all telecoms companies - does not constitute fair and transparent regulation and would in effect exclude it from the market.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
CPX 360 Bangkok (Bangkok, Thailand, January 14 - 16, 2020) Mark your calendar now for CPX 360 2020, the world’s premier cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...
Cyber Security for Critical Assets, MENA 2020 (Dubai, United Arab Emirates, January 20 - 21, 2020) The 17th in a global series of Cyber Security for Critical Assets summits, #CS4CA MENA 2020 focuses on safeguarding the critical industries of the Middle East and Northern Africa from cyber threats. CS4CA...
SANS Cyber Threat Intelligence Summit (Arlington, Virginia, USA, January 20 - 21, 2020) The collection, classification, and exploitation of knowledge about adversaries - collectively known as cyber threat intelligence (CTI) - gives security practitioners information superiority that is used...
CPX 360 New Orleans (New Orleans, Louisiana, USA, January 27 - 29, 2020) Mark your calendar now for CPX 360 2020, the world’s premier cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...
SINET: Global Cybersecurity Innovation Summit (London, England, UK, January 30, 2020) Advancing global collaboration and innovation, SINET convenes a summit of international cybersecurity leaders at the British Museum. The conference will bring together innovators, investors, researchers,...