Cyber Attacks, Threats, and Vulnerabilities
Surprise! NotPetya Is a Cyber-Weapon. It's Not Ransomware (BleepingComputer) The NotPetya ransomware that encrypted and locked thousands of computers across the globe yesterday and today is, in reality, a disk wiper meant to sabotage and destroy computers, and not ransomware. This is the conclusion of two separate reports coming from Comae Technologies and Kaspersky Lab experts.
Petya: Is it ransomware or cyberwarfare? (CSO Online) It turns out Petya isn't ransomware, but a cyber weapon being used to carry out cyberwarfare activities.
Petya not a ransomware but much worse (HackRead) The breakout of the Petya malware two days ago has caused mayhem once again. It has been the second major global cyber attack after the WannaCry incident.
ExPetr/Petya/NotPetya is a Wiper, Not Ransomware (SecureList) After an analysis of the encryption routine of the malware used in the Petya/ExPetr attacks, we have thought that the threat actor cannot decrypt victims’ disk, even if a payment was made.
KnowBe4 CEO Calls New Global Ransomware Outbreak Cyber Warfare (BusinessWire) Security experts say the new attack is more than an apparent ransomware infection
Petya Ransomware Epidemic May Be Spillover from Cyberwar (WIRED) When a ransomware outbreak exploded from Ukraine across Europe yesterday, disrupting companies, government agencies, and critical infrastructure, it at first appeared to be just another profit-focused cybercriminal scheme—albeit a particularly vicious and damaging one. But its origins in Ukraine raised deeper questions. After all, shadowy hackers have waged a cyberwar there for years, likely at Russia's bidding.
The Latest Ransomware Took Advantage of a Devilishly Clever Trick (Motherboard) Usually, ransomware may be spread via emails or websites. But at least some victims of this latest wave were infected by a software update, according to researchers and law enforcement.
Teardown of 'NotPetya' Malware: Here's What We Know (BankInfo Security) Malware known as NotPetya, SortaPetya or GoldenEye continues to spread globally, infecting endpoints via leaked Equation Group exploits as well as built-in Windows
Security Alert: New ransomware outbreak combines attack vectors, delivers malware cocktail (Heimdal Security Blog) This new Petya ransomware outbreak has infected computer servers all over the globe. Learn how to stay safe and protect your data.
Ransomware 'Nyetya' behind new global cyber attack: Cisco (The Economic Times) Nyetya is very similar to WannaCry, the ransomware that affected 200,000 people in 150 countries in May, encrypting data on infected computers and asking for a ransom to recover them.
New Petya Distribution Vectors Bubbling to Surface (Threatpost) Microsoft has made a definitive link between MEDoc and initial distribution of the Petya ransomware. Kaspersky Lab, meanwhile, has identified a Ukrainian government website used in a watering hole …
Massive Cyberattack Traced To Tax Software (Forbes) A worldwide cyberattack that affected companies in 64 different countries, including those in the United States, caused panic as security experts scrambled to find out how it happened. Microsoft now believes it can trace the origins of the cyberattack to a Ukrainian company's tax accounting software.
'Petya' Ransomware Hits At Least 65 Countries; Microsoft Traces It To Tax Software (NPR.org) An updated version of the malware has the ability to worm through computer networks, gathering passwords and credentials and spreading itself.
What we know about the kill switch in Petya ransomware attack (ABC News) Cybersecurity researchers have been racing to analyze the new ransomware that struck Tuesday, first hitting Ukraine in an avalanche of attacks before spreading to other countries around the world.
'Vaccine' created for huge cyber-attack (BBC News) A file can be used to protect against Tuesday’s global cyber-attack but will not stop the threat entirely.
'Petya' ransomware attack strikes companies across Europe and US (the Guardian) Ukraine government, banks and electricity grid hit hardest, but companies in France, Denmark and Pittsburgh, Pennsylvania also attacked
Cisco Live 2017: Why the ‘Petya’/‘Nyetya’ Ransomware Attack Tops WannaCry (BizTech) Cisco’s Talos cybersecurity group and other researchers have identified the flaws and attack methods of the latest global cyberattack.
Experts warn: Hacker attack even more dangerous than Wannacry (Stuttgarter Nachrichten) Experts at the German security services provider G-Data consider the current cyberattack more dangerous than the “Wannacry” attack last May. In the attack, which on Tuesday also hit numerous international corporations, there is said to be no “emergency button.”
Major organisations among those affected by worldwide cyber attack (South Wales Argus) A range of organisations including big business and government offices in eastern Europe have been hit by a worldwide cyber attack.
Factory, Shipping, Law Firms Under Cyber Attack in Australia (Appsforpcdaily) It's believed the issue has filtered down to Cadbury from their parent company Mondelēz International, who were the original target of this arm of the attack.
Global Cyber Attack Hit Auchan Payment Terminals in Ukraine (New York Times) A global cyber attack on Tuesday hit the terminal payments of French retailer Auchan [AUCH.UL] in its stores in Ukraine but the incident is now over, a company spokeswoman told Reuters.
Companies, governments worldwide assess damage from latest cyberattack (AP via the Chicago Tribune) Companies and governments around the world on Wednesday counted the cost of a software epidemic that has disrupted ports, hospitals and banks.
Cyber raids costing firms £310bn a year (This is Money) Ransom attacks by hackers on companies are set to double this year, an insurer has claimed – driving the £310 billion global bill from cybercrime even higher.
WRAPUP 2-Major cyber attack disrupts businesses around world (Reuters) A cyber attack wreaked havoc around the globe on Wednesday, crippling thousands of computers, disrupting operations at ports from Mumbai to Los Angeles and halting production at a chocolate factory in Australia.
New computer virus spreads from Ukraine to disrupt world business (Reuters) A computer virus wreaked havoc on firms around the globe on Wednesday as it spread to more than 60 countries, disrupting ports from Mumbai to Los Angeles and halting work at a chocolate factory in Australia.
Petya (Or Not) Malware: What Tanium Customers Need to Know (Tanium Blog) Several high-profile organizations are already affected by a ransomware attack which began to spread in Europe on June 27. Tanium’s EDR and TAM teams are monitoring the situation closely. Here’s what we know so far. A ransomware attack which began to spread in Europe on June 27 is showing potential to have a broader impact worldwide, with...
Companies That Paid Ransom Can’t Get Data Back From Petya Cyberattack (Meritalk) Companies that paid the ransom to retrieve their data from the Petya ransomware attack have no way of receiving the encryption key.
Maersk starts IT recovery after cyber attack (Offshore Support Journal) Maersk Group has started to recover its damaged IT systems following a cyber attack on 27 June that shut down multiple business units and ship terminals. AP Moller-Maersk was one of the victims of a global cyber attack that affected the Ukraine Government and many businesses in different industries.
LA Port Terminal Still Shut Down Following Cyber-Attack (CBS Los Angeles) The largest terminal in the Port of Los Angeles remained closed Wednesday following a cyber-attack that hit computers at various companies in Europe and around the globe.
Latest Petya ransomware attack could be worse than its predecessor (Today Online) The latest ransomware attack to hit organisations around the world has the potential to wreak even greater havoc than the WannaCry worm that struck hundreds of thousands of computers across the globe last month.
The fault for ransomware attacks lies with the challenges security teams face (CSO Online) The realities of managing and protecting IT infrastructures put IT and security personnel in a no-win situation when attacks like WannaCry or ExPetr occur, so stop blaming them.
Petya/Not Petya Ransomware Attack: 5 Fast Facts You Need to Know (Heavy.com) Another major cyberattack, using "Petya" or "NotPetya" ransomware this time, has struck companies and government agencies in Europe and the US weeks after "WannaCry."
What the nightmare cybersecurity scenario looks like (Marketplace) This week's hack shows the potential for attacks targeting pipelines, oil rigs and transportation systems.
Are mass cyber security attacks like WannaCry and Petya now the norm? (PCR) Ransomware now has to be the number one issue for governments and security experts put in charge of fighting cybercrime. In fact, it should be the top concern for anyone running a business or even anyone who owns a computer.
Why ransomware attacks keep happening (CNNMoney) It's a business for criminals.
Electricity Delivery Is An Open Target For Cyber Threats (The National Interest) It is reckless to allow the system that provides electricity for citizens to be an open target.
Researchers Found They Could Hack Entire Wind Farms (WIRED) On a sunny day last summer, in the middle of a vast cornfield somewhere in the large, windy middle of America, two researchers from the University of Tulsa stepped into an oven-hot, elevator-sized chamber within the base of a 300-foot-tall wind turbine.
FedEx says cyberattack targeted TNT Express unit's global operation (The Commercial Appeal) The cyberattack was the second experienced by FedEx since May, when a computer virus affected sorting at the company's Memphis hub.
Before NotPetya, There Was Another Ransomware That Targeted Ukraine Last Week (BleepingComputer) Last week, long before the Petya / NotPetya ransomware broke out, there was another ransomware campaign that targeted Ukrainian users with a vengeance.
Hacks Raise Fear Over N.S.A.’s Hold on Cyberweapons (New York Times) Hackers in two global attacks have used cyberweapons stolen from a dangerous collection that had been amassed by the agency.
'The ultimate cyberweapon for espionage': The 'Petya' cyberattack is exploiting a powerful NSA tool (Business Insider) "Any cybercriminal, terrorist organization, or government can take these tools, weaponize them, and run their own attack," said Greg Martin, a...
Shadow Brokers Taunt and Blackmail NSA (Infosecurity Magazine) Shadow Brokers provide promised exploits and leaked data at June's end and promise more in July
Shadow Brokers threatens to expose NSA hacker’s covert operations against China (RT via Newsline) The Shadow Brokers has threatened to name and shame a former NSA Equation Group member “writing ugly tweets” about the hacking group. The hacking group levied an attack against a Twitter user it calls “doctor,” whom it accuses of tweeting unjustified …
Vault 7: CIA Malware for Tracking Windows Devices via WiFi Networks (BleepingComputer) Today, WikiLeaks has published the documentation manual for an alleged CIA tool that can track users of WiFi-capable Windows devices based on the ESS (Extended Service Set) data of nearby WiFi networks.
WikiLeaks Dump Reveals a Creepy CIA Location-Tracking Trick (WIRED) How many people specifically know where you are right now? Some friends and family? Your coworkers, maybe? If you're using a Windows laptop or PC you could add another group to the list: the CIA.
Remote code execution flaws exposed in Kaspersky Server software (ZDNet) Core Security's advisory reveals a number of dangerous vulnerabilities in the antivirus server solution.
Catching up with Blank Slate: a malspam campaign still going strong (SANS Internet Storm Center) "Blank Slate" is the nickname for a malicious spam (malspam) campaign pushing ransomware targeting Windows hosts.
U.K. Parliament maintains restrictions after email hack (Information Management) Hackers gained access to lawmakers’ accounts that had used "weak passwords" that did not comply with government guidance, a spokeswoman said.
Linux malware gaining favor among cybercriminals (SC Media US) Linux malware is becoming a more important tool for cybercriminals as these individuals focus a greater portion of their attention on attacking IoT devices running the open-source operating system.
Information Stealer Found Hitting Israeli Hospitals (TrendLabs Security Intelligence Blog) The abuse of shortcut (LNK) files is steadily gaining traction, so it's not surprising that we discovered another information stealer employing LNK files.
8Track Hacked: 18M accounts from music social network site stolen (HackRead) A Dark Web hacker going by the online handle of "nclay" is claiming to have hacked the popular Internet radio and social networking website 8Track.com and
Army WIN-T Network vs Russia & China Attack (Scout.com) Critics of the network are raising questions as to its ability to perform necessary combat functions amid jamming, electromagnetic interference and cyberattacks from a technologically advanced enemy.
Guardian finally admits its WhatsApp claims were wrong (ITWire) A little more than five months after it claimed that a WhatsApp design feature meant that some encrypted messages could be read by a third party, The Guardian has backed down and admitted that the report was wrong.
Flawed reporting about WhatsApp (the Guardian) Open door: Cumulative effect of missteps led the Guardian to overstate the potential impact on the security of users’ messaging
Security Patches, Mitigations, and Software Updates
Microsoft Issues ‘Important’ Security Fix for Azure AD Connect (Threatpost) Microsoft is warning customers of an “important” update to its Azure AD Connect service that could allow for an elevation of privilege attack against affected systems.
IoT 2017 – Securing the Things: A CyberWire Special Edition (The CyberWire) In this CyberWire Special Edition we speak with IoT experts who provide their take on the current state of the internet of things for consumers, enterprise, industrial control and even self-driving cars.
PetrWrap & WannaCry Won't Teach Businesses To Better Protect Themselves Online (Forbes) The sad truth is that the vast majority of people in management just don't want to know.
Top cloud challenges: Security, compliance, and cost control (Help Net Security) The cloud is not living up to expectations because of compliance and security concerns, downstream costs, and cloud management tools on the market.
Cybersecurity stocks rally as ransomware attack targets thousands of computers (CNBC) Cybersecurity stocks rose on Wednesday following a large-scale ransomware attack.
Ransomware's Human Enablers (Bloomberg Gadfly) Cyber-security selloff highlights how boosting IT spending isn't enough.
The next generational shift in enterprise infrastructure has arrived (TechCrunch) Cloud computing is driving growth at 3 of the 5 most valuable companies in the world. AI will impact jobs only as quickly as AI-powered business software.
Average Bug Bounty Payments Growing (Threatpost) HackerOne released its first report on its bug bounty program, and reveals an industry shift toward enlisting hackers for better cybersecurity.
Bitcoin bull unfazed by cyberattacks (Philly.com) Michael Novogratz says cryptocurrencies could be worth more than $5 trillion in five years - if the industry can come out of the shadows.
Microsoft Turns to AI to Fight Cyberattacks (Investopedia) Microsoft is turning to artificial intelligence in the wake of the WannaCry ransomware attacks.
There's A Fight Brewing Between The NYPD And Silicon Valley (BuzzFeed) Big data helped New York's cops bust Bobby Shmurda. But as the NYPD's contract with tech giant Palantir comes to an end, things could get messy.
3 Reasons FireEye Inc (FEYE) Stock Is a Little Too Risky (InvestorPlace) FireEye (FEYE) still faces some serious issues and the FEYE stock price may have gotten ahead of itself. Here's what you need to know.
Q&A: Fortinet CEO Xie On Why The Company Will Beat Cisco, Palo Alto Networks And Check Point As The Network Security Market Evolves (CRN) In an interview with CRN, Fortinet CEO Ken Xie said the network security market is entering its third generation and Fortinet will need the channel to get a leg up on the competition.
Kris Lovejoy's BluVector Unlocks The 'Genome' For CyberSecurity (Forbes) BluVector was founded on the premise that the approaches most security technologies were based on were doomed to failure. They wanted to change that dynamic and turn security on its head.
AlertSec Aims to Make Encryption Security More Accessible (eSecurity Planet) Ebba Blitz isn't a typical technology industry CEO and the company she leads isn't a typical security vendor either. Blitz joined AlertSec after a career in journalism in Sweden, where she honed her craft of making complex subjects more understandable, which is what she's now doing in a different capability with security at AlertSec.
Brokerages Set Rapid7, Inc. (RPD) Target Price at $18.93 (The Cerbat Gem) Rapid7, Inc. (NASDAQ:RPD) has been assigned a consensus rating of “Buy” from the eight brokerages that are presently covering the stock, MarketBeat.com reports. Four investment analysts have rated the stock with a hold recommendation and four have given a buy recommendation to the company. The average twelve-month target price among analysts that have covered the […]
Corero wins contract with US federal government agency (Proactiveinvestors UK) Corero Network Security PLC (LON:CNS) - Corero's customer base continues to extend beyond internet services and hosting providers ... and small wonder after yesterday's wave of cyber-attacks
Duo Security Doubles Austin Footprint with Move to Historic Bosche-Hogg Building (Marketwired) Austin-based employees to relocate to renovated 14,000 square foot office by end of 2017 as headcount more than doubles
PhishLabs Recognized as a Best Place to Work (PRWeb) Charleston-based cybersecurity company is named a top employer in South Carolina.
Tenable wins Visionary Innovation Leadership Award (Control Engineering Asia) Tenable wins Frost & Sullivan’s 2017 Visionary Innovation Leadership Award, leading cybersecurity company is recognized for its continuous monitoring technology that addresses the full spectrum…
EY Announces George Kurtz of CrowdStrike Named Entrepreneur of the Year® 2017 Award Winner in Northern California (BusinessWire) EY has announced that George Kurtz, co-founder and CEO of CrowdStrike®, the leader in cloud-delivered endpoint protection, has received the Entrep
Products, Services, and Solutions
Barracuda Networks Debuts AI-Based Security Product (Media Post) Barracuda Networks has launched a tool for fighting spear phishing and cyber fraud, called Barracuda Sentinel.
Boldon James Takes the Lead With Classification Coverage For SharePoint Online (PRNewswire) QinetiQ's data security company Boldon James, the leading specialist provider...
Nomadix's Alloc8 Addresses Hotel Analytics Requirements in an Affordable Internet Monitoring and Reporting Platform (Marketwired) New standalone solution provides powerful monitoring and reporting capabilities up to 1Gbps
Singing River Health System purchased ZixEncrypt for email encryption and data loss prevention (DotMed) Zix Corporation (Zix), (NASDAQ: ZIXI), a leader in email security, announced that Singing River Health System has strengthened compliance and security by adding ZixEncrypt.
Technologies, Techniques, and Standards
The next frontier of cyber governance: Achieving resilience in the wake of NotPetya (Help Net Security) Here’s how organizations can get ahead of existential threats and lead the charge in the next frontier of cyber governance.
MiFID II data security paramount, warns Silverfinch (Securities Lending Times) Data sent to regulators as part of the second Markets in Financial Instruments Directive (MiFID II) reporting requirements must be sent and managed securely, said regulatory data exchange Silverfinch.
Dave Lewis: We Can Do Better at Security Basics (Cylance) As a Global Security Advocate for Akamai, Dave Lewis counsels customers on best practices for security. While no particular industry is immune, financial services seems to be doing quite well at security, while retailers are performing the worst.
Here's how to protect your mortgage business from the recent, global cyber attack (Housing Wire) Perhaps the most disturbing aspect of the attack, from a financial institution's perspective, is that it originated in a third-party service provider, proving that hackers have identified one of the weak spots in the financial ecosystem. In their attempts to automate the mortgage process, banks and other financial institutions rely on third-party providers to deliver a wide range of services and often have dozens of integrations with these providers.
3 Ways Corporations are Keeping Track of Data Breaches (HackRead) It seems like every other day we see a story on the news about the latest major data breach that has compromised the personal and financial records of hun
The Life, Death, and Legacy of iPhone Jailbreaking (Motherboard) How a ragtag group of young hackers made the iPhone what it is today.
What makes a good security analyst: The character traits you need (Help Net Security) An experienced security analyst continually thinks about what is implicit to the information available to them - not just explicitly delivered.
Design and Innovation
How the Hashtag Is Changing Warfare (SIGNAL Magazine) Bots are used to manipulate opinions and advance agendas, and identifying, countering and degrading bot armies requires new tactics—battle-ready tactics.
The Quest for an Operational Cyber Edge (SIGNAL Magazine) Army officials expect to soon have approval of a rapid prototyping process for acquiring cyber and electronic warfare prototypes assessed during Cyber Quest 2017.
Open Security Controller: Security service orchestration for multi-cloud environments (Help Net Security) The Open Security Controller Project is an open source project focused on centralizing security services orchestration for multi-cloud environments.
Research and Development
Information overload makes social media a swamp of fake news (Ars Technica) Low attention and a flood of data are serious problems for social networks.
Data 61's Trustworthy System Could Be An Unhackable OS (Life Hacker) It's said necessity is the mother of invention. About 15 years ago, Dr Gernot Heiser, from Data 61, looked ahead and, despite being fit and healthy, could...
SPAWAR’s Cybersecurity Summer Camp Expands Student Enthusiasm in STEM Careers (DVIDS) For the fifth year in a row, students from Charleston, Berkeley and Dorchester County school districts in South Carolina beat the summer heat by participating in a Cybersecurity Summer Camp hosted by Space and Naval Warfare Systems Center (SSC) Atlantic, June 19-23.
In an unsafe cyber world, here’s why you should study cryptology (Hindustan Times) Demand for security and cryptologists will increase as safeguarding data and documents in the age of internet banking and online payments assumes great importance
Legislation, Policy, and Regulation
Russian Hybrid Warfare and Other Dark Arts (War on the Rocks) Following Russia's annexation of Crimea, hybrid warfare has become conversational short form in the West for describing Moscow's sneaky ways of fighting wa
Stoltenberg: NATO to increase aid to Ukraine in field of cyber defense (Ukrinform) NATO will enhance cooperation with Ukraine in the field of cyber defense in connection with the powerful cyber attacks, which Ukraine suffered the day before.
Nato Confirms Cyber as Legitimate Military Domain (Infosecurity Magazine) Attack on one member state is an attack on all
Defence Secretary’s speech at Cyber 2017 Chatham House Conference (Gov.uk) Defence Secretary Sir Michael Fallon gave a speech at Cyber 2017 outlining how the Ministry of Defence is tackling today's cyber threats
Australia's encryption thwart thought is fraught (ZDNet) It's not an attack on mathematics. Attorney-General Brandis' attack on terrorist encryption is an attack on the very fabric of secure mobile communications.
Bill would bar Pentagon from business with Moscow-based Kaspersky Lab (NBC News) U.S. intelligence officials have recently expressed concerns that Russia-based cyber-security firm Kaspersky Lab is a security risk, but have not said why.
Lawmakers to press for cyber oversight in defense bill (TheHill) Lawmakers are expressing confidence that this year’s defense policy bill will include a measure requiring that the defense committees be notified within 48 hours of a sensitive military cyber operation.
More Than Just Your Regular Cyberthreats (SIGNAL Magazine) A classified event is nothing short of interesting. A classified cyber forum is nothing short of mandatory.
White House Nominates Susan M. Gordon for Key IC Role (The Cipher Brief) The White House announced on Wednesday that President Donald Trump is nominating Susan M. Gordon to serve as the next Principal Deputy Director of National Intelligence, a role that insiders equate to that of chief operating officer for the intelligence community.
General Data Protection Regulation (GDPR) requirements, deadlines and facts (CSO Online) GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. And non-compliance could cost companies dearly. Here’s what every company that does business in Europe needs to know about GDPR.
What are the GDPR requirements? (CSO Online) Here’s how the General Data Protection Regulation (GDPR) will change how companies process, store and secure EU customer data.
Litigation, Investigation, and Law Enforcement
New Ransomware, Old Headaches in Global Ransomware Attack (Bloomberg BNA) Companies scrambled June 27 to combat the latest global ransomware attack that hit thousands of companies, including pharmaceutical company Merck Inc., shipping and logistics company A.P....
CNN’s Russia story debacle came at the worst possible time for the network (Washington Post) When the flawed story broke, the investigations editor was out of town.
States Are Cracking Down on Cybersecurity Laggards (Sunstein Kann Murphy & Timbers LLP) Cybersecurity is of deep concern to state law enforcement, as illustrated by a consent judgment that imposes strict measures on Target Corp. to improve customer-data protection.