IceFire's new version. Ducktail's tale. Phishing from Tehran. DPRK's LIGHTSHOW. US cyber policy. Remcos in the hybrid war.

Summary

By the CyberWire staff

At a glance.

New IceFire version is out.
A DUCKTAIL tale.
Social engineering by Tehran.
DPRK's LIGHTSHOW cyberespionage.
The President's Budget and cybersecurity.
The US Department of Defense issues its cyber workforce strategy.
Remcos surfaces in attacks against Ukrainian government agencies.
DDoS at a Ukrainian radio station.
CISA releases five ICS advisories.

New IceFire version is out.

A new version of the IceFire ransomware is targeting Linux systems within enterprise networks, according to researchers at SentinelOne. The ransomware was previously limited to Windows systems. The threat actors behind IceFire launch double extortion attacks against large enterprises in the technology, media, and entertainment sectors. The ransomware has been deployed against entities in Turkey, Iran, Pakistan, and the United Arab Emirates, which the researchers note “are typically not a focus for organized ransomware actors.”

The Linux version of IceFire is deployed via CVE-2022-47986, a recently disclosed vulnerability in IBM’s Aspera Faspex file-sharing software. The Record notes that IBM issued a patch for the flaw on January 18th.

Doing Threat Intel is Really Difficult - Try a Managed Intel Service

Why are you struggling with interpreting threat intel by yourself? Engage Nisos to achieve better risk insights and outcomes. Rely on the experts with a managed service that gives you the people, process, and technology to control costs while improving your defenses. Nisos leverages automation efficiency and analyst expertise that eliminates noise, identifies risks, and prioritizes your company-specific threats. We help you respond to threats faster and more effectively through assessments, monitoring, and investigations.

A DUCKTAIL tale.

Deep Instinct says the malware operation tracked as “DUCKTAIL” resurfaced at the beginning of February 2023 with an updated set of malware. The goal of the operation is to install malware that will steal browser cookies, with a particular focus on session cookies for Facebook Business accounts. The researchers note that it’s not entirely clear what the threat actor does after they gain access to these Facebook accounts: “While it might be possible to get the credit card information that is used for paying for ads in the compromised accounts this doesn’t seem plausible. There are far better, cheaper, and easier ways to gain credit card information.”

Deep Instinct found one Facebook page tied to DUCKTAIL that appeared to be imitating a legitimate brand that sells kitchen appliances. Deep Instinct theorizes that this page was used to scam users with fraudulent sales and to distribute malware, though the researchers add, “Since we have only identified one such instance, we can’t assess exactly whether this is a one-time event or whether this is the usual operational method of DUCKTAIL.”

Predictive analytics to ensure your team passes the CISSP the first time.

Other CISSP certification training providers don't have a way to determine exam readiness until a practitioner passes (or fails) their certification exam. CyberVista's online CISSP course includes predictive analytics to show who is ready, who needs more time, and where to focus training. Through diagnostic exams, custom quizzes, a mock Computer Adaptive Test (CAT) Exam, and more, employers and practitioners alike feel confident in passing their CISSP the first time with CyberVista.

Social engineering by Tehran.

Researchers at Secureworks discovered a campaign from the Iranian Cobalt Illusion threat group that leverages the death of Mahsa Amini as bait, Dark Reading wrote yesterday. Cobalt Illusion is also known as Charming Kitten, APT42, Phosphorous, TA453, and Yellow Garuda. The threat group uses a bogus Twitter handle (@SaShokouhi) and represents itself as working with the Atlantic Council (specifically with senior researcher Holly Dagres), Cybernews reports. The account has also been seen engaging with posts surrounding the protests following the death of Mahsa Amini, which Secureworks researchers say will help them appear "sympathetic to protesters' interests and demands and create an illusion of shared interests.” (The photos on the profile belong to a psychologist and tarot card reader based in Russia.) "The threat actors create a fake persona and use it to build rapport with targets before attempting to phish credentials or deploy malware to the target's device," said Secureworks CTU Rafe Pilling in a press statement. "Having a convincing persona is an important part of this tactic."

LIGHTSHOW: a probable North Korean cyberespionage effort.

Mandiant researchers have been tracking a campaign from suspected North Korean espionage group UNC2970, seen to be targeting media and tech companies in the Western world, the cybersecurity firm reports. The suspected North Korean threat actor is linked with “high confidence“ to UNC577, a group also known as Temp.Hermit, in action since 2013 at least. UNC577 was seen targeting primarily South Korean companies, with some attacks by the group on a global scale, whereas the probably related UNC2970 has been primarily targeting entities in the West.

These attacks begin on LinkedIn, with the threat actors posing as recruiters and reaching out to targets. Mandiant researchers have identified files and suspicious drivers within compromised hosts. A dropper, "LIGHTSHIFT" delivers the LIGHTSHOW payload, which then “perform[s] arbitrary read and write operations to kernel memory” that aid in obfuscation from Endpoint Detection and Response (EDR) software. It's a case of “Bring Your Own Vulnerable Device” since LIGHTSHOW relies on trusted yet vulnerable drivers to function. For more on LIGHTSHOW, see CyberWire Pro.

The President's Budget and cybersecurity.

The President's Budget for Fiscal Year 2024 has been published, and it addresses cybersecurity across the spectrum of the Federal Government's operations. The Budget will now go to Congress for the usual review, debate, modification, and passage. The Budget throughout ties appropriate spending requests to the National Cybersecurity Strategy. Much of that funding will go not only to counter the work of adversaries like China and Russia in cyberspace, but also to more enforcement actions against cybercrime (pages 36-37), to the countering of "malign influence," and to "bolstering Federal cybersecurity." The US Cybersecurity and Infrastructure Security Agency (CISA) would receive, under the plan, a budget of $3.1 billion, an increase of $145 million over current funding. For more on cybersecurity and the US budget, see CyberWire Pro.

The US Department of Defense issues its cyber workforce strategy.

The United States Department of Defense (DoD) released their 2023-2027 Cyber Workforce Strategy Thursday. “The strategy will enable the DoD to close workforce development gaps, resource workforce management and development initiatives, stay at the forefront of technological advances, securely and rapidly deliver resilient systems, and transform into a data-centric enterprise with optimized workforce analytics,” the agency wrote in a press release. The strategy contains four “human capital pillars” centered around identifying, recruiting, developing, and retaining cyber talent, Breaking Defense writes. The foundational strategy is intended to make cybersecurity roles in the government more attractive to potential employees, as it has struggled to compete with private sector roles and their offerings, Axios reports. “So we have to compete on mission and other tangibles to the department — leadership, organizational culture, mission is the key there,” said Mark Gorak, DoD Principal Director for Resources and Analysis, in a briefing. “However, it’s okay, because...the United States needs this talent, corporations need this talent and we need theirs. So I view it as a partnership between the department and federal agencies and industry, private sector, that we all work together.”

Remcos surfaces in attacks against Ukrainian government agencies.

Check Point reports seeing the Remcos remote access Trojan (RAT) as the payload in phishing messages being sent to Ukrainian government organizations. "Remcos is a RAT that first appeared in the wild in 2016. Remcos distributes itself through malicious Microsoft Office documents, which are attached to SPAM emails, and is designed to bypass Microsoft Windows’s UAC security and execute malware with high-level privileges," Check Point explains.

DDoS at a Ukrainian radio station.

Halychyna FM, a radio station in western Ukraine, was inaccessible briefly on March 2nd due to a distributed denial-of-service (DDoS) attack claimed by the hacktivists of Russia's Narodnaya Cyber-Armiya, the International Press Institute reports. The attack is typical of the nuisance-level hacktivism cyber auxiliaries have established during the present war.

The CyberWire's continuing coverage of Russia's war against Ukraine may be found here.

CISA releases five ICS advisories.

The US Cybersecurity and Infrastructure Security Agency (CISA) yesterday released five Industrial Control Systems (ICS) advisories:

ICSA-23-068-01 Akuvox E11 Publication
ICSA-23-068-02 B&R Systems Diagnostics Manager
ICSA-23-068-03 ABB Ability Symphony Plus
ICSA-23-068-04 STEP Tools Third-Party
ICSA-23-068-05 Hitachi Energy Relion 670, 650 and SAM600-IO Series

Notes.

Today's issue includes events affecting Belarus, Canada, China, the European Union, Iran, Ireland, the Democratic People's Republic of Korea, NATO/OTAN, Pakistan, Poland, Russia, Turkey, Ukraine, the United Arab Emirates, the United Kingdom, and the United States.

Dateline Moscow and Kyiv: a tactical pause around Bakhmut, and questions of morale.

Ukraine at D+379: A "tactical pause." (CyberWire) Low-level hacktivism and cyberespionage phishing continue against Ukraine as Russia's Wagner Group appears to have begun a "tactical pause" in the vicinity of Bakhmut.

Russia-Ukraine war at a glance: what we know on day 380 of the invasion (the Guardian) ISW claim Wagner group is taking ‘tactical pause’ in Bakhmut; Grossi reappointed as UN nuclear watchdog chief; Pope says war driven by interests of several ‘empires’

Russia-Ukraine war: List of key events, day 380 (Al Jazeera) As the Russia-Ukraine war enters its 380th day, we take a look at the main developments.

Russia ally Belarus brings in death penalty for high treason (the Guardian) Alexander Lukashenko signs bill allowing execution of officials and military personnel for harming national security

Gloom Envelops Putin’s TV Propagandists (CEPA) As Ukrainian forces fight back against Russia, Julia Davis detects an noticeable change in Kremlin TV mouthpieces, such as Vladimir Solovyov.

Will morale prove the decisive factor in the Russian invasion of Ukraine? (Atlantic Council) Putin is preparing for a long war in Ukraine and still believes he can outlast the West, but mounting signs of demoralization among mobilized Russian soldiers may pose a serious threat to the success of his invasion, writes Peter Dickinson.

Ukrainians will never surrender. How long can they count on the West? (Atlantic Council) Ukraine's remarkable resistance during the first days of the Russian invasion convinced the democratic world to back the country but with Putin now preparing for a long war, continued Western resolve is vital writes Serhiy Prytula.

Donald Trump: I’d have let Putin annex part of Ukraine to end the war (The Telegraph) Former US president says Russia ‘would have never’ invaded if he were still in power, but also claims he may have ‘made a deal’ if necessary

Calls to appease Putin in Ukraine ignore the lessons of history (Atlantic Council) While the desire for peace in Ukraine is perfectly understandable, mounting calls to appease Putin by handing him a partial victory ignore the lessons of history and would almost certainly lead to more war.

The moment when Putin turned away from the West (Washington Post) When people try to comprehend the catastrophe of President Vladimir Putin’s invasion of Ukraine, they often draw a straight line back to his apprenticeship as a KGB spy, his nostalgia for a fallen Soviet Union and his rage at NATO enlargement. And that may indeed be the way future historians read this tragic story.

Soldiers receive first permanent duty station in Poland (Army Times) The first soldiers to receive a permanent change of duty station to Poland arrived at Camp Kosciuszko in the west-central part of the country.

Radio Halychyna cyber-attacked following appeal by Russian hacker group (International Press Institute) On 2 March 2023, Halychyna FM, a highly popular radio station broadcasting in Western Ukraine, was targeted in a cyber attack likely initiated by Russian hackers. On its Facebook page, Halychyna FM posted screenshots from a pro-Kremlin Telegram channel known as The People’s Cyber Army (‘Narodnaya Cyber-Armiya’, in Russian), which on 1 March asked its …

Remcos Trojan Returns to Most Wanted Malware List After Ukraine Attacks (Infosecurity Magazine) Weekly attacks targeting Ukraine decreased by 44% between October 2022 and February 2023

February 2023’s Most Wanted Malware: Remcos Trojan Linked to Cyberespionage Operations Against Ukrainian Government (Check Point Software) Researchers report that Remcos Trojan was used by threat actors to target Ukrainian government entities through phishing attacks as part of wider

US cyber general accuses Moscow of callus conduct in digital war against Ukraine (Cybernews) Paul Nakasone, the army general in charge of United States Cyber Command and the National Security Agency, says Russia's military and intelligence cyber forces are a force to be reckoned with and has warned of ongoing disinformation campaigns aimed at destabilizing the West.

Pentagon Looking to Make Sure SpaceX Doesn’t Abandon Them in War (Defense One) Spooked by the company’s new limits in Ukraine, military leaders are mulling new types of contracts.

Seven steps to spread a conspiracy: How Russia promoted weapons trade allegations (Medium) Kremlin sources planted and amplified fake stories about Western weapons destined for Ukraine being sold in Germany

Attacks, Threats, and Vulnerabilities

Security vendor Acronis admits data breach (Computing) A hacker going by the alias 'Kernelware', who stole data from Acer last month, is now claiming to have hacked Swiss cybersecurity firm Acronis.

Stealing the LIGHTSHOW (Part One) — North Korea's UNC2970 (Mandiant) A campaign from a suspected North Korean espionage group.

Stealing the LIGHTSHOW (Part Two) — LIGHTSHIFT and LIGHTSHOW (Mandiant) How UNC2970 utilized Bring Your Own Vulnerable Device to further enable their operations.

Suspected Chinese Campaign to Persist on SonicWall Devices, Highlights Importance of Monitoring Edge Devices (Mandiant) A suspected Chinese campaign involving malware on unpatched SonicWall appliances.

Malware infecting widely used security appliance survives firmware updates (Ars Technica) Update-resistant malware is part of a pattern by highly motivated threat actors.

Iran-linked hackers used fake Atlantic Council-affiliated persona to target human rights researchers (CyberScoop) A persona dubbed Sara Shokouhi recycled photos of a Russian psychologist and tarot card reader to pose as a Middle East-focused researcher

Iranian APT Targets Female Activists With Mahsa Amini Protest Lures (Dark Reading) A top Iranian, state-sponsored threat is a spear-phishing campaign that uses a fake Twitter persona to target women interested in Iranian political affairs and human rights.

Iran threat group going after female activists, analyst warns (Cybernews) Female human rights activists are being targeted by a state-backed threat group posing as a fellow campaigner to steal their personal data, possibly with the intention of passing it on to the Islamist regime in Iran.

Lazarus group infiltrated South Korean finance firm twice last year (CSO Online) North Korea-linked Lazarus group had infiltrated the affected company in May 2022 and again in October through the same software’s zero-day vulnerability.

IceFire Ransomware Returns | Now Targeting Linux Enterprise Networks (SentinelOne) New Linux version of the IceFire ransomware have been observed in recent network intrusions of media and entertainment enterprises.

IceFire Ransomware Exploits IBM Aspera Faspex to Attack Linux-Powered Enterprise Networks (The Hacker News) IceFire, a Windows-based ransomware strain, is now targeting Linux-powered enterprise networks by exploiting a vulnerability in IBM Aspera Faspex.

Recently discovered IceFire Ransomware now also targets Linux systems (Security Affairs) The recently discovered Windows ransomware IceFire now also targets Linux enterprise networks in multiple sectors. SentinelLabs researchers discovered new Linux versions of the recently discovered IceFire ransomware that was employed in attacks against several media and entertainment organizations worldwide. The ransomware initially targeted only Windows-based systems, with a focus on technology companies. IceFire was first detected in […]

IceFire ransomware targets Linux, exploits IBM vulnerability (TechTarget) SentinelOne researchers discovered IceFire ransomware is targeting Linux systems by exploiting a known IBM vulnerability.

DUCKTAIL: Threat Operation Re-emerges with New LNK, PowerShell, and Other Custom Tactics to Avoid Detection (Deep Instinct) WithSecure reported on the DUCKTAIL operation in two separate reports in 2022. Shortly after the first publication, which carefully detailed their TTPs, the threat operation went silent. After the publication revealed their tactics for a second time, they again went silent. Deep Instinct observed the operation becoming operational again at the beginning of February 2023.

Update: Financial Advisor Impersonation Ring Targets FINRA (DomainTools) We continue to track a well-organized financial advisor impersonation campaign now attempting to impersonate FINRA.

Ransomware Gang Ups the Ante by Publishing Naked Images of Patients (HIPAA Journal) In what is believed to be a first, the BlackCat ransomware gang has published naked images of patients that were stolen in one of its attacks on a The BlackCat ransomware group is known for its aggressive attacks on healthcare providers. In one of its latest attacks, the group published naked images of patients on its leak site to increase the pressure on the victim to pay the ransom.

Canadian military: Ransomware attack on contractor didn’t touch defense systems (The Record) A ransomware incident involving Black & McDonald, an engineering firm with Canadian military contracts, did not affect defense systems, a spokesperson said

AT&T alerts 9 million customers of data breach after vendor hack (BleepingComputer) AT&T is notifying roughly 9 million customers that some of their information has been exposed after one of its marketing vendors was hacked in January.

Hackers Use Stolen Student Data Against Minneapolis Schools in Brazen New Threat (The 74) Video posted online — and then removed — by ransomware gang claimed to highlight stolen files as criminals demand $1M after ‘encryption event’

Minneapolis Public Schools cyberattack: What to know and how to protect your data (Star Tribune) The district has not specified exactly what information was accessed, but there are steps people can take to protect their information.

Cyber attack shuts down Wilkes-Barre CTC (PAhomepage.com) One school is closed and seven other school districts are impacted by a cyber attack. It is still unclear how much damage was caused by that cyber atta…

Oakland still grappling to recover from ransomware attack (SC Media) Officials in the City of Oakland, California, are still facing challenges in facilitating recovery from a Play ransomware attack that has resulted in city service disruptions and extensive data leaks, Government Technology reports.

Dole Foods Cyber Attack Shows Importance of Cyber Resilience (GovTech) Preparedness is key for keeping operations moving in the event of a cyber incident, like when Dole Foods didn’t know it had been the victim of ransomware until customers complained they couldn’t find their favorite products.

Security Patches, Mitigations, and Software Updates

Cisco Releases Security Advisory for IOS XR Software (Cybersecurity and Infrastructure Security Agency CISA) Cisco has released a security advisory for a vulnerability affecting IOS XR Software for ASR 9000 Series Routers. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

Fortinet Releases March 2023 Vulnerability Advisories (Cybersecurity and Infrastructure Security Agency CISA) Fortinet has released its March 2023 Vulnerability Advisories to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system.

CISA Releases Five Industrial Control Systems Advisories | CISA (Cybersecurity and Infrastructure Security Agency CISA) CISA released five Industrial Control Systems (ICS) advisories on March 9, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

Akuvox E11 (Cybersecurity and Infrastructure Security Agency CISA) CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Akuvox Equipment: E11 Vulnerabilities: Generation of Predictable IV with CBC, User of Hard-coded Cryptographic Key, Missing Authentication for Critical Function, Storing Passwords in a Recoverable Format, Weak Password Recovery Mechanism for Forgotten Password, Command Injection, Reliance on File Name or Extension of Externally-Supplied File, Missing Authorization, Improper Access Control, Exposure of Sensitive Information to an Unauthorized Actor, Improper Authentication, Use of hard-coded Credentials, Hidden Functionality

B&R Systems Diagnostics Manager (Cybersecurity and Infrastructure Security Agency CISA) CVSS v3 6.1 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: B&R Industrial Automation Equipment: Systems Diagnostics Manager (SDM) Vulnerability: Cross-site Scripting

ABB Ability Symphony Plus (Cybersecurity and Infrastructure Security Agency CISA) CVSS v3 8.8 ATTENTION: Low attack complexity Vendor: ABB Equipment: Ability Symphony Plus Vulnerability: Improper Authentication

Step Tools Third-Party (Cybersecurity and Infrastructure Security Agency CISA) CVSS v3 2.2 ATTENTION: Low attack complexity Vendor: Step Tools, Inc Equipment: STEPTools ifcmesh library Vulnerability: Null Pointer Dereference

Hitachi Energy Relion 670, 650 and SAM600-IO Series (Cybersecurity and Infrastructure Security Agency CISA) CVSS v3 4.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Relion 670, 650, and SAM600-IO Series Vulnerability: Insufficient Verification of Data Authenticity

Trends

Ransomware tracker: the latest figures [March 2023] (The Record) Hospitals and other healthcare providers have gotten a break from ransomware groups in recent months, but other sectors weren't spared.

Osterman Survey: Navigating the SaaS Landscape (Obsidian Security) Osterman Research explores the tools and processes security leaders use to protect their SaaS applications and valuable data.

Marketplace

Cybersecurity is a ‘resilient industry’ in spite of recession fears: CrowdStrike CEO (Yahoo Finance) CrowdStrike CEO George Kurtz says that cybersecurity should prove resilient in a recession.

Silicon Valley Bank: All the latest developments (Silicon Valley Business Journal) Here's the latest news concerning Silicon Valley Bank as it shores up its cash in the face of a rush on deposits.

SVB Stock Price Slides Another 68% Premarket (Wall Street Journal) Shares of SVB Financial Group were halted Friday after a sharp premarket selloff that came as the bank scrambled to raise fresh capital. Shares of SVB, the parent of Silicon Valley Bank, were halted due to pending news shortly after 8:30 a.m. ET, according to a...

SVB Races to Prevent Bank Run as Funds Advise Pulling Cash (Bloomberg) Founders Fund and others advise companies to limit exposure. Panic spreads in tech circles about bank’s financial situation.

Silicon Valley Bank’s Troubles Threaten a Key Bridge Between Chinese Startups and U.S. Investors (The Information) The panic over the status of Silicon Valley Bank intensified on Friday, as the stock of SVB’s parent fell another 66% in pre-trading hours. Meanwhile, anxieties spread to China overnight, prompting local venture capitalists and entrepreneurs to follow their U.S. counterparts and look for ...

Silicon Valley Bank Is Exploring a Sale, but a Big Bank Buyer Looks Unlikely (The Information) Bankers have been evaluating a potential sale of Silicon Valley Bank, according to a person familiar with the matter, though it’s unlikely a big bank would step forward as a potential suitor at this point to buy a troubled institution whose shareholders and customers are fleeing. Shares of SVB ...

The tech sector's go-to banks are getting squeezed on all sides (Quartz) A day after Silvergate Bank said it's closing, Silicon Valley Bank acknowledged problems of its own

authID® Completes New Financing Round and Announces New Directors (GlobeNewswire News Room) Financing intended to meet projected working capital requirements through Q1 2024.

Camelot’s Offensive Approach To Cybersecurity (Camelot Secure360) Camelot’s Offensive Approach To Cybersecurity Makes Its Debut at The […]

TikTok’s Plan to Stay in the U.S. Could Pose a Threat—to U.S. Tech Companies (The Information) In a bid to avoid a U.S. ban, TikTok is embarking on a project to restructure its product and operations in the country. It plans to store local citizen data on local servers, create a domestic entity to house that data, comply with local legal and law enforcement requests for data, limit the ...

CardinalOps Honored as Winner in 2023 Cybersecurity Excellence Awards (PR Newswire) CardinalOps, the detection posture management company, today announced that the 2023 Cybersecurity Excellence Awards have selected the...

Netsurion Secures Top Honors for Managed Detection and Response and Threat Hunting in 2023 Cybersecurity Excellence Awards (GlobeNewswire News Room) Netsurion, a leading provider of Managed XDR, has been named a winner in three categories in...

Censys Expands Executive Team Through Strategic Investments in Revenue and Sales (PR Newswire) Today, Censys, the leader in Attack Surface Management (ASM), announced three new executive leadership hires: Sarah Ashburn as Chief Revenue...

Zscaler Poaches Palo Alto Networks Veteran To Lead All-Out Channel Charge: Exclusive (CRN) Zero-trust security powerhouse Zscaler has hired Palo Alto Networks’ channel veteran Karl Soderlund as its new top channel executive.

Products, Services, and Solutions

New infosec products of the week: March 10, 2023 (Help Net Security) The featured infosec products this week are from: 1Password, GrammaTech, Kensington, Palo Alto Networks, and Persona.

Intrusion Partners with NetFoundry to Support the U.S. Federal Government’s Zero Trust Cybersecurity Standards (ACCESSWIRE News Room) Intrusion, Inc. (NASDAQ:INTZ) announced its partnership with NetFoundry, creator of the world's most used open source zero trust networking platform, to build a leading Zero Trust Network Access Solution. Intrusion Shield Endpoint helps businesses protect vital data - using zero trust architecture.

Norwegian Public Welfare Agency Chooses Omada to Strengthen Identity Governance (PR Newswire) Omada A/S ("Omada"), a global leader of Identity Governance and Administration (IGA), today announced that the Norwegian Labor and Welfare...

NCC joins three-year cybersecurity partnership in Ireland (Morningstar) NCC Group PLC announced on Thursday a three-year cybersecurity partnership with HEAnet, Ireland's Education & Research Network.

Tenable Bolsters Tenable OT Security to Deliver the Broadest Coverage for Operational Technology and Industrial Control Systems (GlobeNewswire News Room) Updates to core functionality make it easier than ever for IT security teams to gain visibility, security and compliance for their OT environments...

Technologies, Techniques, and Standards

How to Tackle the Prevailing Cybersecurity Skills Gap in Society (MUO) Not enough people are educated about cybersecurity and that leaves everyone vulnerable. Here's why and how we can address this issue.

ECB To Test Banks' Cyber Defences As Risks Grow (Barron's) The European Central Bank will next year test eurozone lenders' defences against cyberattacks, a top official said Thursday, as the risk of hacking attempts is seen to have increased since the pandemic and Russia's invasion of Ukraine.

ECB Will Hold Cyber Attack Stress Test for Banks Next Year (Bloomberg) The European Central Bank will test lenders next year on their ability to recover from a successful cyber attack as tensions with Russia over the war in Ukraine push the issue further up the list of priorities for regulators.

European Central Bank to Test Cyber Resilience of Banks (Insurance Journal) The European Central Bank plans to test the cyber resilience of the euro zone's top banks after a sharp rise in cyberattacks, including after Russia's

Design and Innovation

Meet the AI expert who says we should stop using AI so much (MIT Technology Review) Meredith Broussard argues that the application of AI to deep-rooted social problems is already producing disastrous results.

QuSecure Pioneers First-Ever U.S. Live End-to-End Satellite Quantum-Resilient Cryptographic Communications Link Through Space (Business Wire) Unprecedented Breakthrough in Secure Satellite-to-Earth Communications Using Starlink Satellite Sets the Pace for Post-Quantum Cryptography Innovation and Development

Academia

Turning kids away from cybercrime (Computing) As cybercrime continues to rise so do efforts to divert young people from the dark side, but are they doing enough?

Legislation, Policy, and Regulation

China getting bolder and better in cyberspace, spy chiefs warn (Washington Post) An emboldened China hones its craft and gets more aggressive in cyberspace

Russia, China anxieties dominate annual hearing on global security threats (Washington Post) Putin’s strategic patience in prolonging the war in Ukraine concerns U.S. officials

Cybersecurity in the US President's Budget for Fiscal Year 2024. (CyberWire) The US President's Budget for FY 2024 includes substantial increases for cybersecurity, and does so in the context of the National Cybersecurity Strategy.

Biden’s budget proposal underscores cybersecurity priorities (Washington Post) Biden’s budget proposal shows the president’s cyber priorities

Biden Budget Proposal: $200M for TMF, CISA With 4.9% Budget Boost (Meritalk) The Biden administration’s fiscal year (FY) 2024 budget request issued today by the White House features a proposed $200 million addition to the Technology Modernization Fund (TMF), and a 4.9 percent annual budget increase for the Cybersecurity and Infrastructure Security Agency (CISA).

Cybersecurity Poised for Spending Boost in Biden Budget (Gov Info Security) An overview of the White House's spending blueprint for the coming federal fiscal year shows big proposed increases for cybersecurity. CISA would receive $145

POSTURE STATEMENT OF GENERAL PAUL M. NAKASONE (U.S. Cyber Command) POSTURE STATEMENT OF GENERAL PAUL M. NAKASONE

Four ways to give the national cybersecurity strategy some teeth (SC Media) Here are four steps Congress should take to give the Biden administration's national cybersecurity strategy teeth.

Deputy Secretary of Defense Signs 2023-2027 DoD Cyber Workforce Strategy (U.S. Department of Defense) On Feb. 27, 2023, Deputy Secretary of Defense Dr. Kathleen H. Hicks signed the 2023-2027 DOD Cyber Workforce (CWF) Strategy, which sets the foundation for how the department will foster a cyber

In new cyber workforce strategy, DoD hopes 'bold' retention initiatives keep talent coming back (Breaking Defense) "Everyone recognizes our shortages and our problem," Mike Gorak said. "So we're going to try new things and we're going to try innovative things, which, not all will work. and that's okay."

Pentagon pursues remote work, employee training programs to attract cyber workers (Axios) The federal government has struggled to compete with private sector cybersecurity roles.

U.S. Chamber of Commerce calls for AI regulation (Reuters) The U.S. Chamber of Commerce on Thursday called for regulation of artificial intelligence technology to ensure it does not hurt growth or become a national security risk, a departure from the business lobbying group's typical anti-regulatory stance.

Proposed FCC Rule Redefines Data Breaches for Communications Carriers (Dark Reading) If the proposed rule is approved, organizations would need to disclose all data breaches, even one that does not cause any harm, to affected customers.

Lawmaker: Schools need federal advocate to negotiate cyber contracts (GCN) Sen. Ron Wyden penned a letter to Education Secretary Miguel Cardona, asking the agency to assist U.S. schools in drafting cybersecurity and data protection contracts with technology firms.

US must revive, dominate electronic warfare, Pentagon CIO Sherman says (C4ISRNet) "As we get ready for China," CIO John Sherman told Congress, "we better be able to fight and dominate in this space."

A former TikTok employee is secretly fighting the company on Capitol Hill (Washington Post) His claims of data-security flaws, which the company disputes, underscore how seriously Congress has begun taking the wildly popular short-video app with more than 100 million users nationwide.

Litigation, Investigation, and Law Enforcement

Inadvertent Data Destruction After a Cyberattack Can Violate EU Privacy Rules (Wall Street Journal) An Irish healthcare group was recently fined almost half a million dollars for unintentionally destroying patient records as it worked to recover from a ransomware attack.

FBI investigates data breach impacting U.S. House members and staff (BleepingComputer) The FBI is investigating a data breach affecting U.S. House of Representatives members and staff after their account and personal information was stolen from DC Health Link's servers.

Congressman says his name was wrongly searched by FBI (Washington Post) Rep. Darin LaHood says a classified report indicates Section 702 authority was wrongly used against him

Congressman says he was target of ‘wrongful’ data searches by FBI (The Record) Rep. Darin LaHood (R-Ill.) revealed on Thursday that he had been the target of data searches by the FBI.

Who’s Behind the NetWire Remote Access Trojan? (KrebsOnSecurity) A Croatian national has been arrested for allegedly operating NetWire, a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. The arrest coincided with a seizure of…

Catholic group spent millions on app data that tracked gay priests (Washington Post) A group of philanthropists poured money into a Denver nonprofit that obtained dating and hookup app data and shared it with bishops around the country, a Post investigation has found

Blackbaud To Pay SEC $3M Over Ransomware Disclosures (Law360) Blackbaud Inc. has agreed to pay $3 million to resolve the U.S. Securities and Exchange Commission's allegations that the cloud-computing company crafted misleading disclosures about the massive ransomware attack that affected thousands of its customers in 2020, the SEC announced Thursday.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Newly Noted Events

(ISC)² Security Congress 2023 (Nashville (and virtual), Tennessee, USA, Oct 25 - 27, 2023) This year’s (ISC)² Security Congress theme, Lead with Confidence, champions the growth and vitality of cybersecurity professionals in every phase of their career through engaged learning that builds the competence and confidence to lead. The 13th annual (ISC)² Security Congress 2023 will bring together cybersecurity professionals from around the world for industry-leading education, compelling keynotes, exclusive networking, inside-track career resources, exhibitor showcases and much more, delivered all under one roof at the stunning Gaylord Opryland resort. From expert advice to industry insights, hear from the profession’s most knowledgeable speakers and participate in conversations about the hottest topics in cybersecurity.

Events

Certified CMMC Professional (CCP) 2.0 Exam Prep (Virtual, Mar 13 - 17, 2023) This 5-day CCP course covers the foundational required curriculum along with CMMC Level 2 scoping and the full 110 practices. Edwards Cyber AB approved CCP 2.0 courses enable participants to sit for the CCP exam – making you a valuable resource to a consultancy providing CMMC preparation, C3PAO providing certified assessor support, or organization interested in having in-house CMMC trained resources. Edwards all-star lineup of Provisional Instructors (PIs) includes several of the CMMC industry’s most respected consultants along with Edwards’ internal SMEs to deliver their action packed bootcamps. Learn more and register now.

Security & Policing (Farnborough, England, UK, Mar 14 - 16, 2023) Security & Policing, the official Government global security event, returns to the Farnborough International Exhibition and Conference Centre between 14-16 March 2023. Hosted by the Home Office’s Joint Security & Resilience Centre (JSaRC), Security & Policing offers a world‐class opportunity to meet and discuss the latest advances in delivering national security and resilience with leading UK suppliers, UK and overseas Government officials and senior decision makers across the law enforcement and security sectors. There is no general admittance to Security & Policing and all visitors and exhibitors are subject to Home Office approval.

GISEC Global (Dubai, UAE, Mar 14 - 16, 2023) With the ever-changing global landscape, it is increasingly essential to strengthen cybersecurity across industries. GISEC Global offers a platform for key industry leaders and names to come together in order to stay ahead of potential threats, discover innovative strategies and remain secure from major disruptions.

SINET– Silicon Valley 2023 (Mountain View, California, USA, Mar 16, 2023) SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on identifying solutions to Cybersecurity challenges.

SGTech Week 2023 (Park Plaza Amsterdam Airport, Netherlands, Mar 20 - 24, 2023) The 4th annual SGTech Week 2023 brings together 150+ utility Substation, SCADA System, Utility Telecom and Cybersecurity colleagues, for a review of the latest smart grid implementation projects and innovation roadmaps. The week-long programme combines a series of Standardisation workshops, with C’level plenary sessions, techno-commercial case-study presentations, technology innovation panel debates, and intimate end-user roundtable discussions, to drive awareness of recent successes and setbacks as well as stimulate new ideas to drive the deployment of the smart grid further faster.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.