Two major cyber stories break at Kaspersky's Cancun shindig, both still developing. First, Kaspersky Lab lays out its research on the "Equation Group," hacking "gods" (Kaspersky Lab is pretty star-struck here) who, researchers say, were able to install "permanent" surveillance and sabotage tools on the networks of countries and groups of interest. The campaign may go back as far as 2002. It's said to have used booby-trapped CDs among its earliest vectors, and succeeded in compromising commonly used hardware. Kaspersky suggests links among the Equation Group, Flame, Stuxnet, and Regin. (Journalists infer that Equation Group is a US Government operation.)
The second story is less surprising (Krebs and Cluley both point out that it's been breaking, at least in incipient form, for months) but shocking nonetheless: a Russian cyber criminal group has succeeded in siphoning off about $1B from banks worldwide. Don't let the Blofeldian details of ATMs in Kiev spitting out cash mislead you into reading this as a local story: "Carbanak" hit about 100 banks and seems to have made use of surveillance tools earlier deployed against government and industry targets. (Few journalists infer Russian government involvement with cyber Mafiosi.)
ISIS information operations (against a UAE newspaper and US service members' Twitter accounts among other targets) prompt a revamped US response (State Department has the lead). Trend Micro reports on Arid Viper, an anti-Israeli cyber campaign controlled from Gaza, using servers located in Germany.
President Obama's cyber Executive Order attracts more reviews. So does Apple CEO Cook's summit presentation.