January 13, 2020.
By the CyberWire staff
The US FBI warned again of a heightened likelihood of Iranian cyberattacks, according to CyberScoop. The Bureau points to increased reconnaissance and scanning, but also notes, sensibly, that scanning from an Iranian IP address is not necessarily hostile, nor necessarily an indicator of an attack. The Bureau’s warning is consistent with conventional wisdom: a Washington Post poll of security industry leaders reports the same concerns.
Beyond last week's minor website defacements by sympathetic hacktivists, however, active attacks have yet to materialize. Forbes suggests that Iran is for the moment “on the back foot.” Protests in that country currently preoccupy its security forces, Reuters reports, with the immediate cause of the street demonstrations being the shootdown of Ukraine International Airlines Flight 752 on January 8th, for which Tehran acknowledged responsibility Saturday. The shootdown appears to have been a case of mistaken identity.
The most worrisome Iranian activity from the US point of view remains the password-spraying attempts against North American utility networks, on which Ars Technica has a brief update. The US Congress appears to be making heavy weather of rules of conflict in cyberspace. The Hill suggests that Congress is particularly concerned with determining what counts as an act of cyber war.
An eleventh-hour surge of Chinese propaganda and disinformation fell short of determining the results of Taiwan's presidential elections this Saturday. The New York Times reports that Tsai Ing-wen won reelection on the strength of support for continued independence, suggesting that Beijing's influence campaign (and the example of Hong Kong) backfired.
Today's issue includes events affecting Australia, Belgium, Brunei, Canada, China, European Union, India, Iran, Iraq, Israel, Democratic People's Republic of Korea, Pakistan, Russia, Taiwan, United Kingdom, United States, and Vietnam.
Bring your own context.
Windows 7 reaches its end of life, for real, Wednesday. What should those still hanging onto it do?
"The most basic action you can take is to upgrade. If that's possible, it's highly recommended that you just upgrade. For Windows 7, that upgrade path would be to Windows 10. So for the desktop operating systems, if you're still on Windows 7 at home, you know that your organization is still using Windows 7, you want to look for that upgrade path to Windows 10. For Windows Server 2008, you're looking to upgrade to Server 2012 or hopefully 2016. Although we're seeing a lot of organizations, rather than upgrading in-house, just moving to cloud platforms for a lot of services, which puts, you know, the security question into somebody else's hands entirely, which is also a good path for upgrade."
Well, OK, fine, but aren't a lot of organizations still clinging to Windows 7, and for that matter, to Windows Server 2008?
"All over the place. By our estimates, at least a third of large organizations currently have some footprint of Windows 7 and Windows Server 2008 in those environments. We still see a lot of end users that are using them. People obviously don't like to upgrade. A lot of people, especially when it comes to technology, follow the principle, if it's not broke, don't fix it. And for Windows 7, Windows Server 2008, if it's still doing what you need it to do, then no one really has the impetus to upgrade."
—Karl Sigler, manager of SpiderLabs Threat Intelligence at Trustwave, on the CyberWire Daily Podcast, 1.9.20.
A thought: WannaCry appeared shortly after Windows XP reached its end of life. It's not unreasonable to think that something may hit Windows 7 and Windows Server 2008 in the not too distant future.
Free Dragos Webinar: Introducing MITRE ATT&CK™ for ICS and Why it Matters(Online, January 14, 2020) Register today for the Jan. 14 webinar introducing the MITRE ATT&CK for ICS, a new framework that organizes and codifies the malicious threat behaviors affecting industrial control systems. Led by security experts from Dragos and MITRE, who worked together on the framework, you’ll find out how it works, why it was developed and when to apply it.
CyberTech Tel Aviv(Tel Aviv, Israel, January 28 - 30, 2020) Cybertech Tel Aviv is a 3-day event with 200+ organizations, 180+ speakers and 18,000+ attendees with a goal to create business and networking opportunities across borders. For 15% off, use code tcwtlv20dis on the registration page and enter the “Full-Pass" option. https://www.cybertechisrael.com/
RSAC 2020(San Francisco, California, United States, February 24 - 28, 2020) Connect to the people and ideas that matter. To your growth. To your organization. At RSAC 2020, February 24 – 28, explore current and emerging trends, gain valuable skills and network with peers. Register today!
FBI says Iranian hackers have stepped up reconnaissance since Soleimani killing(CyberScoop) The FBI has told U.S. companies that Iranian hackers have stepped up their probing and reconnaissance activity in the days since the U.S. military killed Iranian Maj. Gen. Qassem Soleimani. In an advisory to industry this week obtained by CyberScoop, the FBI warned that Iranian hackers could target cleared defense contractors, government agencies, academia and nongovernmental organizations focused on Iran issues.
Ako Ransomware: Another Day, Another Infection Attacking Businesses(BleepingComputer) Like moths to a flame, new ransomware targeting businesses keep appearing every day as they're enticed by the prospects of million-dollar ransom payments. An example of this is a new ransomware called Ako that is targeting the entire network rather than just individual workstations.
Continued Exploitation of Pulse Secure VPN Vulnerability(CISA) Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch to fix a remote code execution (RCE) vulnerability, known as CVE-2019-11510, can become compromised in an attack. 
US Govt Warns of Attacks on Unpatched Pulse VPN Servers(BleepingComputer) The US Cybersecurity and Infrastructure Security Agency (CISA) today alerted organizations to patch their Pulse Secure VPN servers as a defense against ongoing attacks trying to exploit a known remote code execution (RCE) vulnerability.
Am I Screwed If I Don't Upgrade Windows 7 by January 15?(Lifehacker) Deadlines are scary. I know. And Microsoft has thrown Windows 7 users a big one: Update to a more modern operating system by January 15, 2020, or you’ll never receive security updates ever again. Eventually, Microsoft will even start disabling key Windows 7 services—like Internet Backgammon and Internet Checkers—throughout the year.
Cybersecurity 2020: The Danger of Ransomware(TechNewsWorld Headlines) Ransomware tops the list of cybersecurity threats for 2020. While there have been efforts to convince individuals, corporations and municipalities not to pay ransoms, the simple fact is that whenever one is paid, the attack becomes a success that encourages cyberthieves to try again. Ransomware attacks increased 18 percent in 2019, up from an average 12 percent increase over the past five years.
Cyber attacks cost Vietnam US$902 million in 2019(SGGP English Edition) The total number of computers in Vietnam infected by various kinds of virus last year came to 85.2 million, an increase of 3.5 percent compared to 2018. It is predicted that in 2020, IoT devices like routers, Wi-Fi terminals, monitoring cameras, and terminal equipment will be the hot targets of these attacks.
Identifying opportunities in today’s saturated cybersecurity market(TechCrunch) Yoav Leitersdorf is the founder of YL Ventures, a 12-year-old, Mill Valley, California.-based seed-stage venture firm that invests narrowly in Israeli cybersecurity startups and closed its fourth fund with $120 million in capital commitments last summer — a vehicle that brings the capital it now ma…
At CES, companies slowly start to realize that privacy matters(TechCrunch) Every year, Consumer Electronics Show attendees receive a branded backpack, but this year’s edition was special; made out of transparent plastic, the bag’s contents were visible without the wearer needing to unzip. It isn’t just a fashion decision. Over the years, security has become more int…
Cybercriminals: Things are about to get a lot more confusing for you(Techxplore) There are three boxes on a table. Two are made of cardboard and sealed with packaging tape. The third is made of steel with a series of locks blocking entry. Obviously, you think, as an imaginary criminal, the goods are in the steel box. After successfully picking the locks, you realize there's nothing inside. As you stare into the empty box, authorities grab your arms from behind and, all of a sudden, you're in handcuffs.
China Isn’t the Only Problem With 5G(Foreign Policy) The network has plenty of other security weaknesses, including ones the United States doesn’t want to fix since they help its own surveillance efforts.
Canadian university must thread needle between the US and Huawei(Inkstone) Huawei has invested millions of dollars into research projects at the University of British Columbia. For the researchers who have accepted that money, they are worried that their work could be put at risk by the tensions between the US and China.
Building a base of cybersecurity experts in Indiana(WISHTV.com) With a growing risk of cybersecurity threats, Vincennes University and Fishers-based Eleven Fifty Academy hope to address a growing need for cybersecurity talent.
The two organizations have announced a joint effort to develop the talent base in Indiana.
“There is a great
Video: Iran police shoot at those protesting plane shootdown(AP via 13 WTHR Indianapolis) Iranian security forces fired both live ammunition and tear gas to disperse demonstrators protesting against the Islamic Republic's initial denial that it shot down a Ukrainian jetliner, online videos purported to show Monday.
Defying police, Iranians protest over plane shootdown(Navy Times) Videos posted online showed protesters shouting anti-government slogans and moving through subway stations and sidewalks, many around Azadi, or Freedom, Square after an earlier call for people to demonstrate there.
US Scanning Cyberspace for Signs of Iranian Aggression(Voice of America) U.S. government officials are watching and waiting, with many believing it is only a matter of time before Iran lashes out in cyberspace for the U.S. drone strike that killed Quds Force commander Qassem Soleimani last week.
Trump Administration Expands Iran Sanctions(Wall Street Journal) The Trump administration expanded its sanctions campaign against Iran on Friday, as Washington’s chief diplomat said the U.S. would have been negligent not to kill a top Iranian general given what he described as intelligence of an imminent threat against Americans.
No immediate cyberthreat seen over Soleimani killing(SC Media) The most recent military portion of the United States’ on-going confrontation with Iran appears to be completed, but chatter is being detected among Iran’s supporters indicating anger over recent events, but none indicate an immediate threat.
ODNI, NSA Working on Unclassified Cyber Reporting(MeriTalk) The Office of the Director of National Intelligence (ODNI) and the National Security Agency (NSA) are both working on less classified methods of cyberthreat information sharing, according to two officials at a FedInsider webinar on Jan. 9.
FBI to follow FISA court recommendations on wiretapping(ABC 33|40) In the wake of its surveillance abuse scandal, the FBI has said it will follow recommendations made by the Foreign Intelligence Surveillance Act (FISA) court. That’s the court that approves government wiretaps on U.S. citizens.
Against all evidence, debunked Ukraine theory endures(AP via the Star Tribune) With President Donald Trump's impeachment trial set to begin in the Senate, some Republican allies continue to promote a discredited theory that accuses Ukraine of interfering in the 2016 U.S. election to keep him from winning.
Ex-Manager Says Wawa Scapegoated Workers After Breach(Law360) A fired Wawa manager launched a class action Friday in Pennsylvania federal court accusing the convenience store chain of improperly cracking down on workers instead of addressing the full extent of a data breach that allegedly exposed employee Social Security numbers and other sensitive information.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
2020 FAIR CONFERENCE(Washington, DC, USA, October 6 - 7, 2020) Hosted by the FAIR Institute and our sponsoring partners, the 2020 FAIR Conference brings leaders in information and operational risk management together to explore best FAIR practices that produce greater...
CPX 360 Bangkok(Bangkok, Thailand, January 14 - 16, 2020) Mark your calendar now for CPX 360 2020, the world’s premiere cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...
Cyber Security for Critical Assets, MENA 2020(Dubai, United Arab Emirates, January 20 - 21, 2020) The 17th in a global series of Cyber Security for Critical Assets summits, #CS4CA MENA 2020 focuses on safeguarding the critical industries of the Middle East and Northern Africa from cyber threats. CS4CA...
SANS Cyber Threat Intelligence Summit(Arlington, Virginia, USA, January 20 - 21, 2020) The collection, classification, and exploitation of knowledge about adversaries - collectively known as cyber threat intelligence (CTI) - gives security practitioners information superiority that is used...
CPX 360 New Orleans(New Orleans, Louisiana, USA, January 27 - 29, 2020) Mark your calendar now for CPX 360 2020, the world’s premiere cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...
SINET: Global Cybersecurity Innovation Summit(London, England, UK, January 30, 2020) Advancing global collaboration and innovation, SINET convenes a summit of international cybersecurity leaders at the British Museum. The conference will bring together innovators, investors, researchers,...