The convergence among criminals and nation-state espionage services continues to develop, as US Cyber Command chief Admiral Rogers warned Congress during budget hearings this week. Lest one be tempted to write such warnings off as mere appropriations-driven FUD, compare recent reports of PLA code appearing in ransomware, and of stolen digital certificates used in both espionage and malware campaigns.
The US Department of Justice warns that ISIS is actively seeking cyber attack tools; it's unclear whether the warning derives from specific intelligence or is instead a sensible conclusion drawn from a priori possibility.
Anonymous says it will start hitting US Presidential candidate Donald Trump's online presence on April 1. A10 Networks thinks Trump's campaign is unusually well-prepared against such attacks. (We may see, although the activities of any anarcho-syndicalist collective are difficult to predict. Just ask Ghostshell.)
Sophisticated crooks impersonate FinCERT to successfully phish Russian banks.
The Olympic Vision business email compromise campaign continues to hit companies in the Middle Eastern and Asia-Pacific regions.
Several malware developments are worth noting. Palo Alto says malware authors have found ways around iOS defenses with "AceDeceiver." Recorded Future reports upgrades to Hydra, a version of Umbra Loader with Tor-based support. Shape Security describes Sentry MBA, an automated tool for credential stuffing. TeslaCrypt has become harder to break ("unbreakable," according to Cisco Talos). Fortinet finds that Nemucod has added ransomware functionality.
Information sharing remains a vexed issue, especially government-to-corporate sharing, but TruSTAR and others increasingly focus on sharing techniques as opposed to mere threat data.