Mountain View, California: the latest from SINET ITSEF 2016
SINET IT Security Entrepreneurs Forum (ITSEF) 2016: "Bridging the Gap Between Silicon Valley and the Beltway" (SINET) IT Security Entrepreneurs Forum (ITSEF) — SINET's flagship event — is designed to bridge the gap between the Federal Government and private industry. ITSEF provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on addressing the Cybersecurity challenge
SINET ITSEF 2016: Government Support for Cyber Security Innovation (The CyberWire) We heard from Canada's Minister of Defense, Australia's Data61, and the US Department of Homeland Security
Cyber Attacks, Threats, and Vulnerabilities
Disrupt ISIS’ Online Campaign in Africa (Defense One) As Internet access expands in Africa, so does the Islamic State's network-facilitated extremism
America Can’t Do Much About ISIS (Defense One) That leaves patience, containment, and humanitarian aid as the least-bad policies while waiting for this awful war to play itself out
CryptXXX set to become the worst bitcoin-stealing ransomware yet (Brave New Coin) Bitcoin has a new and potentially considerable threat to its reputation, if California cybersecurity firm Proofpoint is correct. Last week, the company warned that a previously undocumented ransomware sample that they found, CryptXXX, would not only be encrypting files locally and on all mounted drives, “it’s stealing Bitcoins and a large range of other data”
Follow The Money: Dissecting the Operations of the Cyber Crime Group FIN6 (iSight Partners) Cybercrime operations can be intricate and elaborate, with careful planning needed to navigate the various obstacles separating an attacker from a payout
Cyber-Thieves Rush to Steal Data Before Chip Technology Sets In (Bloomberg Technology) Cyber-thieves see new credit card chip technology being adopted by U.S. retailers closing a lucrative window of opportunity to steal your data. So they want to move fast
How One Cybercrime Gang Is Ratcheting Up PoS Attacks (Dark Reading) With magnetic-stripe payment card transactions gradually starting to disappear in the US, cybercriminals have been on a tear with PoS attacks against retail and hospitality targets that haven't yet adopted EMV card payment, FireEye researchers say
Dorkbot: 5 years since detection (We Liive Security) In the half-decade that has lapsed since Dorkbot was first identified, millions of innocent victims, going about their everyday business, have been affected in over 190 countries
The Four Element Sword, Weaponized Document Builder Used in APT Attacks (Security Newspaper) Experts analyzed a dozen attacks that leveraged on malicious RTF documents created using the same Four Element Sword builder
Is Homeland Security's threat intelligence sharing mechanism putting PII and PHI at risk? (Government Health IT) Cyber attacks and data breaches clog the newsfeeds. And for good reason, when you consider the proliferation of threats
Treasury CIO: No data stolen through backdoor in govt networks (The Hill) The Treasury Department’s chief information officer came under fire on Wednesday over the government’s use of a vulnerable technology that some fear could have let foreign governments snoop on encrypted U.S. communications
The app you're using to find stoner buddies could be broadcasting your location to the cops (Tech Insider) HighThere, the "Tinder for Tokers," is a stoner app for finding smoking buddies
Vast majority of tested applications have at least one vulnerability: cyber security report (Canadian Underwriter) Cyber criminals are increasingly making use of malware-as-a-service, an issue of concern given that 97% of applications tested by Trustwave in 2015 had at least one vulnerability, note findings from the 2016 Trustwave Global Security Report
Q1 2016 Global DDoS Threat Landscape Report (Imperva Incapsula) Every DDoS attack mitigated is an invitation for the attacker to try harder. This is the reality of DDoS protection business and the common motive for many of the trends we are observing in the DDoS threat landscape today
Reviewing the Threat Landscape With IBM X-Force: Serious Data Breaches, Major Attacks and New Vulnerabilities (IBM Security Intelligence Blog) Year after year, IBM X-Force assesses and examines the goings-on in the world of cybersecurity and cyberthreats. A broad survey of our entire data set often yields interesting results that lead to the discovery of underlying trends. After all, you cannot find the needle in the haystack if you are looking in the wrong hay field
SC Congress Amsterdam: Cyber-warfare - "we are all involved in this" (SC Magazine) Although some would argue that cyber-war is still in its infancy, it is - according to our panel of experts at the SC Congress Amsterdam - well under way across the globe
U.S. cyber officials worry 'milware' will target infrastructure (Defense Systems) It’s no secret cyber threats are becoming more widespread and advanced. Just look no further than Ukraine’s power grid that was knocked out in a first-of-its-kind coordinated cyber attack
Bureau of Meteorology target of 2015 cyber attack, Prime Minister Malcolm Turnbull confirms (Australian Broadcasting Corporation) The Federal Government has confirmed for the first time the Bureau of Meteorology was the target of a cyber attack
Cyber Trends
700 Million People Just Got Encryption That Congress Can’t Touch (Wired) Last month, WhatsApp, the hugely popular messaging service that Facebook owns, made end-to-end encryption the default for its 1 billion users. On Tuesday, Viber said it will do the same for the 700 million people who use it
Encryption delivers quantum of solace (SC Magazine) Data creation and transmission is growing exponentially, with 2.8 zettabytes of data created in 2012, forecast to reach 40 zettabytes (ZB) by 2020 (IDC), and currently encryption offers the best option to secure all that data says Roi Perez
End-Point Devices Pose Challenges to Healthcare Cybersecurity (Health IT Security) A recent study found that healthcare cybersecurity, as well as other areas of cybersecurity, could be impacted by end-point devices
Cybersecurity Implications of IoT Innovation with the Healthcare Industry (Tenable) he Internet of Things has the potential to revolutionize the world, including healthcare. But doctors, hospitals and medical experts might want to pause before adopting this technology and evaluate the cybersecurity challenges
Retailers now leading cyber-attack target, eclipsing financial sector (Retail Dive) Retailers now experience the most cyber attacks of any industry sector—three times as many as the previous top target, the financial industry—according to information and communications technology firm NTT Group's 2016 Global Threat Intelligence Report
Survey: Federal employees' confidence in agencies' cybersecurity plunges (FierceGovernmentIT) Confidence in agency cybersecurity among federal employees has dropped drastically over the past two years, according to a survey Dell conducted with the Government Business Council and released Wednesday
Marketplace
Global Cyber Security Market Size to Grow From USD 106.32 Billion in 2015 to USD 170.21 Billion by 2020 - Research and Markets (BusinessWire) Research and Markets has announced the addition of the "Cyber Security - M&A Partnerships 2014 - 2015" mergers & acquisitions to their offering
Security Appliance Market to See 11.38% CAGR: IP-Based Video Surveillance Driving Growth to 2020 (PRNewswire) According to the 2016 security appliance market report, there has been an increased adoption of monitoring solutions to prevent unauthorized access to property and information
Meet The World's Largest Pure-Play Cybersecurity Companies (Forbes) Looking for a list of the world’s largest pure-play cybersecurity companies by market capitalization? Look no further
Data breaches fueled valuations of cyber firms (SC Magazine) Stoked by headlines announcing major data breaches, the stock valuations of cybersecurity companies outperformed the Nasdaq and S&P 500 by double over the past three years, according to Bessemer Venture Partners' new Cyber Index, released on Tuesday
Why Palo Alto Will Exceed Street Expectations Again (MoneyShow) The need for data security solutions continues to increase but data security stocks have underperformed during 2016 says Michael Berger, Associate Editor of MoneyShow.com, who highlights his favorite stock in this sector, Palo Alto Networks
Dell's SecureWorks Set to Price First U.S. Tech IPO of the Year (Bloomberg Technology) SecureWorks Corp., the cybersecurity company owned by Dell Inc., is planning to go public this week in the first initial public offering of a U.S. technology company this year, after the slowest start for offerings since the recession
IBM's Big Investments Will Take Time To Mature (Forbes) IBM’s recent earnings announcement created quite the stir on Wall Street
IBM: An Ugly Quarter But A Beautiful Future Awaits The Patient Investor (Seeking Alpha) IBM reported its 16th consecutive quarter of decreasing revenue. Profits also fell from $2.91 to $2.35 but beat expectations (Zacks) of $2.09. IBM has unique resources available to exploit future business opportunities
Despite Currently Trading At A Premium, Cisco Offers Promising Upside (Seeking Alpha) Advancements into IT services and software have helped bring new growth and life into a very large, mature company. Aside from a safe and reliable business model, the software giant offers serviceable growth, strong free cash flow and a nice dividend. Strategic acquisitions play a big factor into this article's DCF analysis of Cisco.
Alert Logic Surpasses $100 Million in Annualized Revenue (MarketWired) Company exceeds $103 million run rate, 3,800 customers with Q1 2016 results
Check Point CEO Says Security Vendor Is Starting To See Benefits Of Shift To Subscription Services (CRN) Check Point Software Technologies is continuing its push toward a recurring revenue model with its software blades -- a push that CEO Gil Shwed said is starting to gain traction with customers
Bugcrowd, producer of tech-security platform, closes $15 mln Series B round (PE Hub Network) Bugcrowd Inc, the San Francisco developer of a crowdsourced tech-security platform, closed $15 million of Series B funding, led by Blackbird Ventures, the New South Wales, Australia, venture firm
Corero sees strong support for fund-raising Share (Proactive Investors) Shareholders will have the opportunity to participate in the share issue
With Cash in Hand, New DC VC Firm Opens Shop to Fund Cyber (DCInno) From 1717 Pennsylvania Ave NW, Tom Kellermann can nearly see the green grass on the White House's north lawn
DHS and Pentagon Race to Close Cyber Gap (GovTechWorks) The shortage of cyber security talent across the government and commercial sectors keeps expanding. No one knows how big that number is, but security firms and government officials regularly cite estimates of 1 million or more cyber job vacancies worldwide
Senate seeking sources for cyber support services (Federal Times) The Senate Office of the Sergeant at Arms and Doorkeeper (SSA) is building up the chamber’s cybersecurity posture and wants to know how the private sector can help
Chuck Brooks Selected Cybersecurity Marketer of the Year at The Cybersecurity Excellence Awards (Virtual Strategy Magazine) Chuck Brooks was selected as the Winner of the category "Cybersecurity Marketer of the Year" at the 2016 Cybersecurity Excellence Awards
Products, Services, and Solutions
ESET offers beta version of home internet security (GDN) ESET, a global pioneer in IT security for more than two decades, has announced the availability of its beta version of ESET Nod32 Antivirus 10 together with a brand new product designed for home users - ESET Internet Security
Generic Ransomware Detection Comes to OS X (Threatpost) With each new unrelenting ransomware sample, security researchers understand that no matter how quickly antivirus signatures are updated or how rapidly decryptors are built and shared, current defenses will continue to fall short. The problem is that most adequate defenses are sample-specific; Kaspersky Lab has built ransomware decryptors for CoinVault and Bitcryptor, and Cisco has a similar tool to unlock some TeslaCrypt infections, just to name two
Exostar Announces Solution to Facilitate Contractor Compliance with Latest DoD Cybersecurity Rules (BusinessWire) Defense contractors face action plan and compliance deadline for protection of covered Defense information throughout their subcontractor and supplier networks
Absolute Extends Persistence Technology to Secure Third Party Software Applications (CNW) Absolute® (TSX: ABT), the industry standard for persistent endpoint security and data risk management solutions, launched a new service that will persistently reinstall software agents from independent software vendors for existing Absolute customers
Illumio’s cyber assessment program helps find new attack surfaces ASAP (Network World) Program can reduce the number of possible paths malware can traverse, minimizing the blast radius of any breach
ThreatTrack centralizes malware and intrusion analysis with ThreatSecure Network update (FierceEnterpriseCommunications) In the latest incremental release of its security product, ThreatTrack has beefed up its ability to aggregate sensor data from a variety of locations across a network and deepened the integration with its own ThreatAnalyzer technology
Technologies, Techniques, and Standards
Tips for detecting ransomware and other malware before it cripples your network (Healthcare IT News) CISOs and security analysts from top-tier firms offer highly effective advice and tactics for rooting out and getting rid of malicious code
Crowdstrike CEO George Kurtz: Indicators of attack are the future (Fed Scoop) Organizations will continue to monitor indicators of compromise, but tracking IoAs allows security professionals to thwart an attack as it’s unfolding rather than after the fact, he said
Cyber threats coming from the inside (Security Brief) Awareness amongst business leaders around IT security, particularly within government, is on the rise, according to SolarWinds, who says company data leaks dominating news headlines is contributing to the increase
Combating ‘human nature’ security risks (IT Pro Portal) The phrase ‘it’s just human nature!’ is more than a cliché. Cybercriminals already appreciate this notion, as evident in the rise of successful phishing and other social engineering attacks
Can Moving to the Cloud Solve Your Cyber Labor Shortage? (GovTechWorks) Agencies and businesses have many reasons for moving to the cloud, from lower costs to simpler management and faster development, for example – but worries over security hold them back
Legislation, Policy, and Regulation
Australia admits to running offensive cyber-ops team (Register) New Cyber Security Strategy pours money on collaboration centres, industry
Government admits cyber attack capacity (AM) The Australian Government has admitted for the first time that it has the ability to launch cyber attacks. The statement is contained in a $230 million Cyber Security Strategy that will be launched by the Prime Minister today
Australian cybersecurity to take 'big science' approach (Out-Law) Australia should take advantage of cutting edge science to tackle cybersecurity issues, the head of the country's cyber defence group has said
Dell SecureWorks APJ head warns businesses need to act now on security (ARN) Liam Rowland welcomes government's new cyber security strategy
Rules For Cyberwarfare Still Unclear, Even As U.S. Engages In It (NPR) When Defense Secretary Ashton Carter landed in Iraq for a surprise visit this week, he came armed with this news: More than 200 additional U.S. troops are headed to that country. They'll join the fight to retake the Iraqi city of Mosul from the Islamic State. As that battle unfolds on the ground, a parallel war against ISIS is unfolding in cyberspace
Apple, FBI Encryption Debate Continues At Congressional Hearing (InformationWeek) The US House Energy & Commerce Committee hosted two panel discussions April 19, in the hope of advancing an open debate about government access to encrypted technologies. Representatives heard from Apple's top lawyers, as well as law enforcement
Microsoft, Facebook and Google Line Up Against New Encryption Bill (Fortune) Tech groups warn a proposed law would make devices like smartphones less secure
'The War on Cryptography Is a War on Online Banking' (American Banker) In the conclusion of a three-part interview, Ryan Singer, a blockchain-tech entrepreneur, explains why bankers should care about Washington's resurgent efforts to insert back doors into security systems
Is the FCC Inviting the World's Cyber Criminals into America's Living Rooms? (CircleID) In October 2012, the Chairman and Ranking Member of the House Intelligence Committee issued a joint statement warning American companies that were doing business with the large Chinese telecommunications companies Huawei and ZTE to "use another vendor."
Agencies of all sizes struggling to fix critical cyber vulnerabilities (Federal News Radio) In the 10 months since the Homeland Security Department started requiring agencies to fix all critical vulnerabilities within a month, 39 of the more than 360 at-risk cases remain unpatched
Air Force Updates Doctrine on Cyberspace Operations (Federation of American Scientists) Within living memory, even a passing mention of cyber weapons or U.S. offensive activities in cyberspace was deemed sufficient to justify national security classification
DISA director: ‘Gloves are off’ in cyber war, time for new defenses (Federal News Radio) In describing a handful of his agency’s top cybersecurity acquisition priorities, the director of the Defense Information Systems Agency said DoD needs new tools to grapple with the fact that cyber adversaries have become much more brazen in recent years, and are no longer concerned with whether or not they’re detected when trying to penetrate Defense networks
Release: Gov. Nixon announces statewide cybersecurity preparedness initiative (Missouri Times) Speaking to the State Emergency Management Agency’s 28th Annual Missouri Emergency Management Conference today, Gov. Jay Nixon announced the Missouri Office of Administration has been awarded a grant from the U.S. Department of Homeland Security for a statewide cybersecurity preparedness initiative
Indiana's New Cybersecurity Council Will Beef Up State's Cyber Infrastructure (Government Technology) The new council also will encourage economic development in the cybersecurity sector
Litigation, Investigation, and Law Enforcement
Public advocate: FBI’s use of PRISM surveillance data is unconstitutional (Washington Post) A public advocate appointed by the nation’s secretive surveillance court last year argued that a little-known provision of the PRISM program, which enables the FBI to query foreign intelligence information for evidence of domestic crime, violated the Constitution
Sixth arrest in Talk Talk cyber attack case (Belfast Telegraph) A teenager has become the sixth person to be arrested in connection with the alleged data theft from TalkTalk
Hacker of Army Reserve computer program indicted (Fayetteville Observer) An Atlanta-based defense contractor has been arrested in connection with the sabotaging of an Army Reserve computer program in 2014
Donald Trump: Clinton won't be indicted (Politico) Alleging that “she’s being protected,” Donald Trump said Wednesday he did not think Hillary Clinton would be indicted for the email controversy that the FBI is investigating