State-conducted offensive cyber campaigns attract attention and spur worries of more destructive operations to come. Cylance has released its report on what it calls "Operation Cleaver," an alleged Iranian cyber campaign directed against Western targets. At least fifty companies and agencies are said to have been prepped for attack through reconnaissance and initial compromise: they include energy companies, airlines and airports, hospitals, government agencies and military organizations. Forbes quotes analysts as saying the level of access attackers achieved is "bone-chilling," and that Cleaver amounts to revenge for Stuxnet.
North Korea may, however, present a more proximate threat, as consensus attributes the Sony hack to the DPRK. The FBI is investigating what former NSA Director Alexander calls "an act of war." Leaked films and compromised personal data are perhaps the least troubling of the attack's effects: the FBI draws particular attention to the master boot record overwrite capability, the "computer-killer" of journalese. Observers see functional similarities to Shamoon (which hit Saudi Aramco in 2012) and 2013's WhoIs attack on South Korea's banking sector. Several news outlets offer overviews of North Korea's cyber capabilities. Analysts (and presumably the SEC) wait for Sony to file an 8-K risk disclosure.
Iranian and North Korean capers have pushed them off the front pages, but grousing about delayed disclosure of Regin and marveling at the glib success of FIN4's market manipulation continue.
New point-of-sale malware continues to emerge, notably LusyPOS and BlackPOS variants.
CyberCom Pentagon daddy Ashton Carter will probably be the next US Defense Secretary.