The CyberWire Daily Briefing 6.29.17

Summary

By The CyberWire Staff

The Petya pandemic continues, and its story at least has grown more complex. It's picked up at least two new names, ExPetr (from Kaspersky) and Nyetya (from Cisco). We'll stick with "Petya," for now, but researchers think that, while the current outbreak used code strings from Petya, it's sufficiently different to warrant a new name.

Specifically, it now appears to most that it's not ransomware at all, but rather a wiper masquerading as cryptoransomware. Those few who've paid the ransom seem not to have recovered their files, and indeed there may be no way for them to do so.

These features lead many to conclude that Petya's current instantiation is an act of cyber warfare, not cybercrime. Most observers think it originated with Russia (as Bleeping Computer puts it, "the obligatory part where we blame Russia"). While the evidence is circumstantial, it's more than reflexive. NATO has announced plans to step-up cyber defense cooperation with Ukraine.

Microsoft says a malicious update to tax accounting software MEDoc was the initial vector. Since then, researchers at Kaspersky have also found a watering hole attack in a website belonging to the Ukrainian city of Bakhmut.

Yesterday two sources of leaks resurfaced. WikiLeaks offers a manual for "ELSA" from Vault7. They claim ELSA is a CIA tool for tracking users of Wi-Fi enabled devices using Extended Service Set data from nearby Wi-Fi networks. And the ShadowBrokers, flacking their exploit-of-the-month club, promise they're about to name-and-shame an Equation Group operator who's tweeted rudely about them.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Denmark, France, Germany, India, Israel, NATO/OTAN, Russia, Ukraine, United Kingdom, and United States.

On the Podcast

In today's podcast, we hear from our partners at Palo Alto Networks, as Rick Howard talks about the benefits of capture the flag competitions.

There's also a special podcast up on Internet-of-things security, prepared with the support of Cylance. In this CyberWire Special Edition we speak with IoT experts who provide their take on the current state of the internet of things for consumers, enterprise, industrial control and even self-driving cars.

Sponsored Events

BSides Las Vegas (Las Vegas, Nevada, USA, July 25 - 26, 2017) BSides Las Vegas isn’t another “talk at you” conference. Everyone at BSides is a participant. Track after track, year after year, the security researchers, engineers, analysts and managers that present at BSidesLV are looking to engage our participants and be engaged by them. Our presenters don’t talk at you, they converse with you. Come join the conversation!

8th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 13, 2017) The 8th Annual Billington CyberSecurity Summit September 13 in Washington D.C. brings together world-class cybersecurity thought leaders for high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Surprise! NotPetya Is a Cyber-Weapon. It's Not Ransomware (BleepingComputer) The NotPetya ransomware that encrypted and locked thousands of computers across the globe yesterday and today is, in reality, a disk wiper meant to sabotage and destroy computers, and not ransomware. This is the conclusion of two separate reports coming from Comae Technologies and Kaspersky Lab experts.

Petya: Is it ransomware or cyberwarfare? (CSO Online) It turns out Petya isn't ransomware, but a cyber weapon being used to carry out cyberwarfare activities.

Petya not a ransomware but much worse (HackRead) The breakout of the Petya malware two days ago has caused mayhem once again. It has been the second major global cyber attack after the WannaCry incident.

ExPetr/Petya/NotPetya is a Wiper, Not Ransomware (SecureList) After an analysis of the encryption routine of the malware used in the Petya/ExPetr attacks, we have thought that the threat actor cannot decrypt victims’ disk, even if a payment was made.

KnowBe4 CEO Calls New Global Ransomware Outbreak Cyber Warfare (BusinessWire) KnowBe4 CEO Calls New Global Ransomware Outbreak Cyber Warfare -- Security experts say the new attack is more than an apparent ransomware infection

Petya Ransomware Epidemic May Be Spillover from Cyberwar (WIRED) When a ransomware outbreak exploded from Ukraine across Europe yesterday, disrupting companies, government agencies, and critical infrastructure, it at first appeared to be just another profit-focused cybercriminal scheme—albeit a particularly vicious and damaging one. But its origins in Ukraine raised deeper questions. After all, shadowy hackers have waged a cyberwar there for years, likely at Russia's bidding.

The Latest Ransomware Took Advantage of a Devilishly Clever Trick (Motherboard) Usually, ransomware may be spread via emails or websites. But at least some victims of this latest wave were infected by a software update, according to researchers and law enforcement.

Teardown of 'NotPetya' Malware: Here's What We Know (BankInfo Security) Malware known as NotPetya, SortaPetya or GoldenEye continues to spread globally, infecting endpoints via leaked Equation Group exploits as well as built-in Windows

Security Alert: New ransomware outbreak combines attack vectors, delivers malware cocktail (Heimdal Security Blog) This new Petya ransomware outbreak has infected computer servers all over the globe. Learn how to stay safe and protect your data.

Ransomware 'Nyetya' behind new global cyber attack: Cisco (The Economic Times) Nyetya is very similar to WannaCry, the ransomware that affected 200,000 people in 150 countries in May, encrypting data on infected computers and asking for a ransom to recover them.

New Petya Distribution Vectors Bubbling to Surface (Threatpost) Microsoft has made a definitive link between MEDoc and initial distribution of the Petya ransomware. Kaspersky Lab, meanwhile, has identified a Ukrainian government website used in a watering hole …

Massive Cyberattack Traced To Tax Software (Forbes) A worldwide cyberattack that affected companies in 64 different countries, including those in the United States, caused panic as security experts scrambled to find out how it happened. Microsoft now believes it can trace the origins of the cyberattack to a Ukrainian company's tax accounting software.

'Petya' Ransomware Hits At Least 65 Countries; Microsoft Traces It To Tax Software (NPR.org) An updated version of the malware has the ability to worm through computer networks, gathering passwords and credentials and spreading itself.

What we know about the kill switch in Petya ransomware attack (ABC News) Cybersecurity researchers have been racing to analyze the new ransomware that struck Tuesday, first hitting Ukraine in an avalanche of attacks before spreading to other countries around the world.

'Vaccine' created for huge cyber-attack (BBC News) A file can be used to protect against Tuesday’s global cyber-attack but will not stop the threat entirely.

'Petya' ransomware attack strikes companies across Europe and US (the Guardian) Ukraine government, banks and electricity grid hit hardest, but companies in France, Denmark and Pittsburgh, Pennsylvania also attacked

Cisco Live 2017: Why the ‘Petya’/‘Nyetya’ Ransomware Attack Tops WannaCry (BizTech) Cisco’s Talos cybersecurity group and other researchers have identified the flaws and attack methods of the latest global cyberattack.

Experten warnen: Hackerangriff noch gefährlicher als bei Wannacry (Stuttgarter Nachrichten) Experten des deutschen Sicherheitsdienstleisters G-Data halten den aktuellen Cyberangriff für gefährlicher als die „Wannacry“-Attacke im vergangenen Mai. Bei dem Angriff, der am Dienstag auch zahlreiche internationale Konzerne getroffen hatte, gebe es keinen „Notfallknopf“.

Major organisations among those affected by worldwide cyber attack (South Wales Argus) A range of organisations including big business and government offices in eastern Europe have been hit by a worldwide cyber attack.

Factory, Shipping, Law Firms Under Cyber Attack in Australia (Appsforpcdaily) It's believed the issue has filtered down to Cadbury from their parent company Mondelz International, who were the original target of this arm of the attack.

Global Cyber Attack Hit Auchan Payment Terminals in Ukraine (New York Times) A global cyber attack on Tuesday hit the terminal payments of French retailer Auchan [AUCH.UL] in its stores in Ukraine but the incident is now over, a company spokeswoman told Reuters.

Companies, governments worldwide assess damage from latest cyberattack (AP via the Chicago Tribune) Companies and governments around the world on Wednesday counted the cost of a software epidemic that has disrupted ports, hospitals and banks.

Cyber raids costing firms £310bn a year (This is Money) Ransom attacks by hackers on companies are set to double this year, an insurer has claimed – driving the £310 billion global bill from cybercrime even higher.

WRAPUP 2-Major cyber attack disrupts businesses around world (Reuters) A cyber attackwreaked havoc around the globe on Wednesday, crippling thousandsof computers, disrupting operations at ports from Mumbai to LosAngeles and halting production at a chocolate factory inAustralia.

New computer virus spreads from Ukraine to disrupt world business (Reuters) A computer virus wreaked havoc on firms around the globe on Wednesday as it spread to more than 60 countries, disrupting ports from Mumbai to Los Angeles and halting work at a chocolate factory in Australia.

Petya (Or Not) Malware: What Tanium Customers Need to Know (Tanium Blog) Several high-profile organizations are already affected by a ransomware attack which began to spread in Europe on June 27. Tanium’s EDR and TAM teams are monitoring the situation closely. Here’s what we know so far. A ransomware attack which began to spread in Europe on June 27 is showing potential to have a broader impact worldwide, with...

Companies That Paid Ransom Can’t Get Data Back From Petya Cyberattack (Meritalk) Companies that paid the ransom to retrieve their data from the Petya ransomware attack have no way of receiving the encryption key.

Maersk starts IT recovery after cyber attack (Offshore Support Journal) Maersk Group has started to recover its damaged IT systems following a cyber attack on 27 June that shut down multiple business units and ship terminals. AP Moller-Maersk was one of the victims of a global cyber attack that affected the Ukraine Government and many businesses in different industries.

LA Port Terminal Still Shut Down Following Cyber-Attack (CBS Los Angeles) The largest terminal in the Port of Los Angeles remained closed Wednesday following a cyber-attack that hit computers at various companies in Europe and around the globe.

Latest Petya ransomware attack could be worse than its predecessor (Today Online) The latest ransomware attack to hit organisations around the world has the potential to wreak even greater havoc than the WannaCry worm that struck hundreds of thousands of computers across the globe last month.

The fault for ransomware attacks lies with the challenges security teams face (CSO Online) The realities of managing and protecting IT infrastructures puts IT and security personnel in a no-win situation when attacks like WannaCry or ExPetr occur, so stop blaming them.

Petya/Not Petya Ransomware Attack: 5 Fast Facts You Need to Know (Heavy.com) Another major cyberattack, using "Petya" or "NotPetya" ransomware this time, has struck companies and government agencies in Europe and the US weeks after "WannaCry."

What the nightmare cybersecurity scenario looks like (Marketplace) This week's hack shows the potential for attacks targeting pipelines, oil rigs and transportation systems.

Are mass cyber security attacks like WannaCry and Petya now the norm? (PCR) Ransomware now has to be the number one issue for governments and security experts put in charge of fighting cybercrime. In fact, it should be the top concern for anyone running a business or even anyone who owns a computer.

Why ransomware attacks keep happening (CNNMoney) It's a business for criminals.

Electricity Delivery Is An Open Target For Cyber Threats (The National Interest) It is reckless to allow the system that provides electricity for citizens to be an open target.

Researchers Found They Could Hack Entire Wind Farms (WIRED) On a sunny day last summer, in the middle of a vast cornfield somewhere in the large, windy middle of America, two researchers from the University of Tulsa stepped into an oven-hot, elevator-sized chamber within the base of a 300-foot-tall wind turbine.

FedEx says cyberattack targeted TNT Express unit's global operation (The Commercial Appeal) The cyberattack was the second experienced by FedEx since May, when a computer virus affected sorting at the company's Memphis hub.

Before NotPetya, There Was Another Ransomware That Targeted Ukraine Last Week (BleepingComputer) Last week, long before the Petya / NotPetya ransomware broke out, there was another ransomware campaign that targeted Ukrainian users with a vengeance.

Hacks Raise Fear Over N.S.A.’s Hold on Cyberweapons (New York Times) Hackers in two global attacks have used cyberweapons stolen from a dangerous collection that had been amassed by the agency.

'The ultimate cyberweapon for espionage': The 'Petya' cyberattack is exploiting a powerful NSA tool (Business Insider) "Any cybercriminal, terrorist organization, or government can take these tools, weaponize them, and run their own attack," said Greg Martin, a...

Shadow Brokers Taunt and Blackmail NSA (Infosecurity Magazine) Shadow Brokers provide promised exploits and leaked data at June's end and promise more in July

Shadow Brokers threatens to expose NSA hacker’s covert operations against China (RT via Newsline) The Shadow Brokers has threatened to name and shame a former NSA Equation Group member “writing ugly tweets” about the hacking group. The hacking group levied an attack against a Twitter user it calls “doctor,” whom it accuses of tweeting unjustified …

Vault 7: CIA Malware for Tracking Windows Devices via WiFi Networks (BleepingComputer) Today, WikiLeaks has published the documentation manual for an alleged CIA tool that can track users of WiFi-capable Windows devices based on the ESS (Extended Service Set) data of nearby WiFi networks.

WikiLeaks Dump Reveals a Creepy CIA Location-Tracking Trick (WIRED) How many people specifically know where you are right now? Some friends and family? Your coworkers, maybe? If you're using a Windows laptop or PC you could add another group to the list: the CIA.

Remote code execution flaws exposed in Kaspersky Server software (ZDNet) Core Security's advisory reveals a number of dangerous vulnerabilities in the antivirus server solution.

Catching up with Blank Slate: a malspam campaign still going strong (SANS Internet Storm Center) "Blank Slate" is the nickname for a malicious spam (malspam) campaign pushing ransomware targeting Windows hosts.

U.K. Parliament maintains restrictions after email hack (Information Management) Hackers gained access to lawmakers’ accounts that had used "weak passwords" that did not comply with government guidance, a spokeswoman said.

Linux malware gaining favor among cybercriminals (SC Media US) Linux malware is becoming a more important tool for cybercriminals as these individuals focus a greater portion of their attention on attacking IoT devices running the open-source operating system.

Information Stealer Found Hitting Israeli Hospitals (TrendLabs Security Intelligence Blog) The abuse of shortcut (LNK) files is steadily gaining traction, so it's not surprising that we discovered another information stealer employing LNK files.

8Track Hacked: 18M accounts from music social network site stolen (HackRead) A Dark Web hacker going by the online handle of "nclay" is claiming to have hacked the popular Internet radio and social networking website 8Track.com and

Army WIN-T Network vs Russia & China Attack (Scout.com) Critics of the network are raising questions as to its ability to perform necessary combat functions amid jamming, electromagnetic interference and cyberattacks from a technologically advanced enemy.

Guardian finally admits its WhatsApp claims were wrong (ITWire) A little more than five months after it claimed that a WhatsApp design feature meant that some encrypted messages could be read by a third party, The Guardian has backed down and admitted that the report was wrong.

Flawed reporting about WhatsApp (the Guardian) Open door: Cumulative effect of missteps led the Guardian to overstate the potential impact on the security of users’ messaging

Security Patches, Mitigations, and Software Updates

Microsoft Issues ‘Important’ Security Fix for Azure AD Connect (Threatpost) Microsoft is warning customers of an “important” update to its Azure AD Connect service that could allow for an elevation of privilege attack against affected systems.

Cyber Trends

IoT 2017 – Securing the Things: A CyberWire Special Edition (The CyberWire) In this CyberWire Special Edition we speak with IoT experts who provide their take on the current state of the internet of things for consumers, enterprise, industrial control and even self-driving cars.

PetrWrap & WannaCry Won't Teach Businesses To Better Protect Themselves Online (Forbes) The sad truth is that the vast majority of people in management, just don't want to know.

Top cloud challenges: Security, compliance, and cost control (Help Net Security) The cloud is not living up to expectations because of compliance and security concerns, downstream costs, and cloud management tools on the market.

Marketplace

Cybersecurity stocks rally as ransomware attack targets thousands of computers (CNBC) Cybersecurity stocks rose on Wednesday following a large-scale ransomware attack.

Ransomware's Human Enablers (Bloomberg Gadfly) Cyber-security selloff highlights how boosting IT spending isn't enough.

The next generational shift in enterprise infrastructure has arrived (TechCrunch) Cloud computing is driving growth at 3 of the 5 most valuable companies in the world. AI will impact jobs only as quickly as AI-powered business software..

Average Bug Bounty Payments Growing (Threatpost) HackerOne released its first report on its bug bounty program, and reveals an industry shift toward enlisting hackers for better cybersecurity.

()

Bitcoin bull unfazed by cyberattacks (Philly.com) Michael Novogratz says cryptocurrencies could be worth more than $5 trillion in five years - if the industry can come out of the shadows.

Microsoft Turns to AI to Fight Cyberattacks (Investopedia) Microsoft is turning to artificial intelligence in the wake of the WannaCry ransomware attacks.

There's A Fight Brewing Between The NYPD And Silicon Valley (BuzzFeed) Big data helped New York's cops bust Bobby Shmurda. But as the NYPD's contract with tech giant Palantir comes to an end, things could get messy.

3 Reasons FireEye Inc (FEYE) Stock Is a Little Too Risky (InvestorPlace) FireEye (FEYE) still faces some serious issues and the FEYE stock price may have gotten ahead of itself. Here's what you need to know.

Q&A: Fortinet CEO Xie On Why The Company Will Beat Cisco, Palo Alto Networks And Check Point As The Network Security Market Evolves (CRN) In an interview with CRN, Fortinet CEO Ken Xie said the network security market is entering its third generation and Fortinet will need the channel to get a leg up on the competition.

Kris Lovejoy's BluVector Unlocks The 'Genome' For CyberSecurity (Forbes) BluVector was founded on the premise that the approaches most security technologies were based on were doomed to failure. They wanted to change that dynamic and turn security on its head.

AlertSec Aims to Make Encryption Security More Accessible (eSecurity Planet) Ebba Blitz isn't a typical technology industry CEO and the company she leads isn't a typical security vendor either. Blitz joined AlertSec after a career in journalism in Sweden where she honed her craft of making complex subjects more understandable which is what she's now doing in a different capability with security at AlertSec

Brokerages Set Rapid7, Inc. (RPD) Target Price at $18.93 (The Cerbat Gem) Rapid7, Inc. (NASDAQ:RPD) has been assigned a consensus rating of “Buy” from the eight brokerages that are presently covering the stock, MarketBeat.com reports. Four investment analysts have rated the stock with a hold recommendation and four have given a buy recommendation to the company. The average twelve-month target price among analysts that have covered the […]

Corero wins contract with US federal government agency (Proactiveinvestors UK) Corero Network Security PLC (LON:CNS) - Corero's customer base continues to extend beyond internet services and hosting providers ... and small wonder after yesterday's wave of cyber-attacks

Duo Security Doubles Austin Footprint with Move to Historic Bosche-Hogg Building (Marketwired) Austin-based employees to relocate to renovated 14,000 square foot office by end of 2017 as headcount more than doubles

PhishLabs Recognized as a Best Place to Work (PRWeb) Charleston-based cybersecurity company is named a top employer in South Carolina.

Tenable wins Visionary Innovation Leadership Award (Control Engineering Asia) Tenable wins Frost & Sullivan’s 2017 Visionary Innovation Leadership Award, leading cybersecurity company is recognized for its continuous monitoring technology that addresses the full spectrum…

EY Announces George Kurtz of CrowdStrike Named Entrepreneur of the Year® 2017 Award Winner in Northern California (BusinessWire) EY has announced that George Kurtz, co-founder and CEO of CrowdStrike®, the leader in cloud-delivered endpoint protection, has received the Entrep

Products, Services, and Solutions

Barracuda Networks Debuts AI-Based Security Product (Media Post) Barracuda Networks has launched a tool for fighting spear phishing and cyber fraud, called Barracuda Sentinel.

Boldon James Takes the Lead With Classification Coverage For SharePoint Online (PRNewswire) QinetiQ's data security company Boldon James, the leading specialist provider...

Nomadix's Alloc8 Addresses Hotel Analytics Requirements in an Affordable Internet Monitoring and Reporting Platform (Marketwired) New standalone solution provides powerful monitoring and reporting capabilities up to 1Gbps

Singing River Health System purchased ZixEncrypt for email encryption and data loss prevention (DotMed) Zix Corporation (Zix), (NASDAQ: ZIXI), a leader in email security, announced that Singing River Health System has strengthened compliance and security by adding ZixEncryptSM.

Technologies, Techniques, and Standards

The next frontier of cyber governance: Achieving resilience in the wake of NotPetya (Help Net Security) Here’s how organizations can get ahead of existential threats and lead the charge in the next frontier of cyber governance.

()

MiFID II data security paramount, warns Silverfinch (Securities Lending Times) Data sent to regulators as part of the second Markets in Financial Instruments Directive (MiFID II) reporting requirements must be sent and managed securely, said regulatory data exchange Silverfinch.

Dave Lewis: We Can Do Better at Security Basics (Cylance) As a Global Security Advocate for Akamai, Dave Lewis counsels customers on best practices for security. While no particular industry is immune, the financial services seems to be doing quite well at security, while retailers are performing the worst.

Here's how to protect your mortgage business from the recent, global cyber attack (Housing Wire) Perhaps the most disturbing aspect of the attack, from a financial institution's perspective, is that it originated in a third-party service provider, proving that hackers have identified one of the weak spots in the financial ecosystem. In their attempts to automate the mortgage process, banks and other financial institutions rely on third-party providers to deliver a wide range of services and often have dozens of integrations with these providers.

3 Ways Corporations are Keeping Track of Data Breaches (HackRead) It seems like every other day; we see a story on the news about the latest major data breach that has compromised the personal and financial records of hun

The Life, Death, and Legacy of iPhone Jailbreaking (Motherboard) How a ragtag group of young hackers made the iPhone what it is today.

What makes a good security analyst: The character traits you need (Help Net Security) An experienced security analyst continually thinks about what is implicit to the information available to them - not just explicitly delivered.

Design and Innovation

How the Hashtag Is Changing Warfare (SIGNAL Magazine) Bots are used to manipulate opinions and advance agendas, and identifying, countering and degrading bot armies requires new tactics—battle-ready tactics.

The Quest for an Operational Cyber Edge (SIGNAL Magazine) Army officials expect to soon have approval of a rapid prototyping process for acquiring cyber and electronic warfare prototypes assessed during Cyber Quest 2017.

Open Security Controller: Security service orchestration for multi-cloud environments (Help Net Security) The Open Security Controller Project is an open source project focused on centralizing security services orchestration for multi-cloud environments.

Research and Development

Information overload makes social media a swamp of fake news (Ars Technica) Low attention and a flood of data are serious problems for social networks.

Data 61's Trustworthy System Could Be An Unhackable OS (Life Hacker) It's said necessity is the mother of invention. About 15 years ago, Dr Gernot Heiser, from Data 61, looked ahead and, despite being fit and healthy, could...

Academia

SPAWAR’s Cybersecurity Summer Camp Expands Student Enthusiasm in STEM Careers (DVIDS) For the fifth year in a row, students from Charleston, Berkeley and Dorchester County school districts in South Carolina beat the summer heat by participating in a Cybersecurity Summer Camp hosted by Space and Naval Warfare Systems Center (SSC) Atlantic, June 19-23.

In an unsafe cyber world, here’s why you should study cryptology (Hindustan Times) Demand for security and cryptologists will increase as safeguarding data and documents in the age of internet banking and online payments assumes great importance

Legislation, Policy and Regulation

Russian Hybrid Warfare and Other Dark Arts (War on the Rocks) Following Russia's annexation of Crimea, hybrid warfare has become conversational short form in the West for describing Moscow's sneaky ways of fighting wa

Stoltenberg: NATO to increase aid to Ukraine in field of cyber defense (Ukrinform) NATO will enhance cooperation with Ukraine in the field of cyber defense in connection with the powerful cyber attacks, which Ukraine suffered the day before.

Nato Confirms Cyber as Legitimate Military Domain (Infosecurity Magazine) Nato Confirms Cyber as Legitimate Military Domain. Attack on one member state is an attack on all

Defence Secretary’s speech at Cyber 2017 Chatham House Conference (Gov.uk) Defence Secretary Sir Michael Fallon gave a speech at Cyber 2017 outlining how the Ministry of Defence is tackling today's cyber threats

Australia's encryption thwart thought is fraught (ZDNet) It's not an attack on mathematics. Attorney-General Brandis' attack on terrorist encryption is an attack on the very fabric of secure mobile communications.

Bill would bar Pentagon from business with Moscow-based Kaspersky Lab (NBC News) U.S. intelligence officials have recently expressed concerns that Russia-based cyber-security firm Kaspersky Lab is a security risk, but have not said why.

Lawmakers to press for cyber oversight in defense bill (TheHill) Lawmakers are expressing confidence that this year’s defense policy bill will include a measure requiring that the defense committees be notified within 48 hours of a sensitive military cyber operation.

More Than Just Your Regular Cyberthreats (SIGNAL Magazine) A classified event is nothing short of interesting. A classified cyber forum is nothing short of mandatory.

White House Nominates Susan M. Gordon for Key IC Role (The Cipher Brief) The White House announced on Wednesday that President Donald Trump is nominating Susan M. Gordon to serve as the next Principal Deputy Director of National Intelligence, a role that insiders equate to that of chief operating officer for the intelligence community.

General Data Protection Regulation (GDPR) requirements, deadlines and facts (CSO Online) GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. And non-compliance could cost companies dearly. Here’s what every company that does business in Europe needs to know about GDPR.

What are the GDPR requirements? (CSO Online) Here’s how the General Data Protection Regulation (GDPR) will change how companies process, store and secure EU customer data.

Litigation, Investigation, and Enforcement

New Ransomware, Old Headaches in Global Ransomware Attack (Bloomberg BNA) Companies scrambled June 27 to combat the latest global ransomware attack that hit thousands of companies, including pharmaceutical company Merck Inc., shipping and logistics company A.P....

CNN’s Russia story debacle came at the worst possible time for the network (Washington Post) When the flawed story broke, the investigations editor was out of town.

States Are Cracking Down on Cybersecurity Laggards (Sunstein Kann Murphy & Timbers LLP) Cybersecurity is of deep concern to state law enforcement, as illustrated by a consent judgment that imposes strict measures on Target Corp. to improve customer-data protection.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

4th Annual Industrial Control Cyber Security Summit USA (Sacramento, California, USA, October 3 - 4, 2017) Against a backdrop of continued ICS targeted cyber attacks against energy firms in the Ukraine power industry (CRASHOVERRIDE), the massive attacks against the Norway oil and gas industry, cyber attacks on Saudi Aramco and the continued threats such as Stuxnet, Havex, Dragonfly, Black Energy, and the potential impact of ransome ware like #Wannacry on industrial control systems, the Cyber Senate return for the 4th Annual Industrial Control Cybersecurity Europe meeting to bring key stakeholders together to address our responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure.

upcoming Events

Cyber Security Summit: DC (Washington, DC, USA, June 29, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: DC. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: DC is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration on security initiatives. (New York, New York, USA, June 29, 2017) SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration on security initiatives.

CyberSecurity International Symposium (Chcago, Illinois, USA, July 10 - 11, 2017) The Symposium will take an in-depth look at the latest cyber security threats and trends, as well as real-world strategies for securing critical networks and data in enterprise, commercial, government and industrial environments. The event will bring together several hundred industry practitioners, researchers, regulators and solution providers for two days of in-depth, focused networking and information sharing at the cutting edge of cyber security. Many leading companies in the sector will be presenting.

East Midlands Cyber Security Conference and Expo (Leicester, England, UK, July 11, 2017) The conference and expo will bring together over 150 businesses, information security providers and key influencers to discuss the threats posed by online criminals and the practical ways in which business make themselves more resilient to cybercrime. Core themes will include: the evolving cyber threat; cyber resilience in the supply chain; and essential cyber skills.

Electronic Warfare Olympics & Symposium (Colorado Springs, Colorado, USA, July 13 - 14, 2017) The 2017 Electronic Warfare Olympics & Symposium will improve the capability, and marketability, of spectrum warriors by building the local EW/IO community. and bringing awareness to the capabilities in the region. The event will consist of speakers, government and industry exhibits, and Electronic Warfare Olympics.

3rd Edition CISO Summit India 2017 (Mumbai, India, July 14, 2017) Cyber security has gone through a tremendous change over the last couple of months. Ecosystem disruptions like demonetization, emergence of payment banks and fintech play have put technology as the sine qua non and a savior for banks. But gifts are bundled often with miseries. While technology works as a catalyst for scale and speed, security unpreparedness could play a spoilsport.

CYBERCamp2017 (Herndon, Virginia, USA, July 17 - 28, 2017) Always wondered what “cyber attacks” really are? How a special group of cyber warriors protect and defend our banks, stores, and electric plants every second? Join experts from the FBI and the foremost companies in the nation for an interactive #CYBERcamp in the National Capital Region. Cyber Camp 2017 is a summer camp in which students will have the opportunity to learn about various aspects of cyber security. Students will also gain practical skills through instruction by experienced security and information technology (IT) professionals, and hands-on exercises. The camp is divided into two 1-week segments:

National Insider Threat Special Interest Group - Insider Threat Symposium & Expo (Laurel, Maryland, USA, July 18, 2017) The National Insider Threat Special Interest Group (NITSIG) is excited to announce that it will hold a 1 day Insider Threat Symposium & Expo (ITS&E), on July 18, 2017, at the Johns Hopkins University Applied Physics Laboratory, (JHU-APL) in Laurel, Maryland. This is a MUST ATTEND event if you are involved in Insider Threat Program Management or are interested in Employee Threat Identification and Mitigation.

2nd Annual Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 18, 2017) The 2017 Billington Automotive Cybersecurity summit will build on the 2016 inaugural summit that brought together a who’s who of speakers including the CEO of GM and the Secretary of Transportation, prestigious media coverage from The New York Times and The Wall Street Journal and some 500 attendees. NOTE: Attendees must be citizens of U.S. or allied nations to attend this event.

SANSFIRE 2017 (Washington, DC, USA, July 22 - 29, 2017) Now is the time to advance your career and develop skills to better protect your organization. At SANSFIRE 2017, choose from over 45 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANSFIRE 2017 (July 22-29) is Washington Marriott Wardman Park.

ISSA CISO Executive Forum: Security Awareness and Training--Enlisting your entire workforce into your security team (Las Vegas, Nevada, USA, July 23 - 24, 2017) The gap in Security skills in the workforce have put the pinch on Security teams. Join us to learn how to get lean by empowering the rest of your organization to understand and manage security risks. We’ll cover secure-by-design concepts inherent in DevSecOps, effective training and awareness practices, and how to lead organizational change management to embed security into your company’s DNA.

AFA CyberCamp (Pittsburgh, Pennsylvania, USA, July 24 - 28, 2017) The AFA CyberCamp program is designed to excite students new to cybersecurity about STEM career opportunities and teach them important cyber defense skills through hands-on instruction and activities. Through the camp, students will learn how to protect their personal devices and information from outside threats, as well as how to harden entire networks running Windows 7 and Ubuntu operating systems. The AFA CyberCamp will culminate in an exciting final team competition that simulates real cybersecurity situations faced by industry professionals and mimics AFA’s CyberPatriot National Youth Cyber Defense Competition.

Cross Domain Support Element Summer Workshop 2017 (Laurel, Maryland, USA, July 25 - 26, 2017) The Unified Cross Domain Services Management Office (UCDSMO) is presenting a two-day workshop for the benefit of the Cross Domain Support Element (CDSE) Offices, and the personnel who support them. Topics will include an update to the Capabilities Portfolio, Baseline and Sunset Lists, the UCDSMO SharePoint sites, Labs and Lab Testing, updates on the CDS Overlays and the Cross Domain Risk Management process.

Black Hat USA 2017 (Las Vegas, Nevada, USA, July 26 - 27, 2017) Now in its 20th year, Black Hat is the world’s leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2017 kicks off with four days of technical Trainings (July 22-25) followed by the two-day main conference (July 26-27) featuring Briefings, Arsenal, Business Hall, and more.

RSA Conference 2017 Asia Pacific & Japan (Singapore, July 26 - 28, 2017) RSA Conference 2017 Asia Pacific & Japan is the leading information security event in the region. Join us for three days of high quality education, engaging content and valuable networking. Get exposure to innovative technologies and leadership that will help secure your organization and your future.

North American International Cyber Summit (Detroit, Michigan, USA, July 30, 2017) In its sixth year, the cyber summit brings together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use. Highly respected speakers from the public and private sectors will address emerging trends, technology and best practices. The event is open to the public and will feature information for individuals, families, educators, business professionals, law enforcement and government officials. The summit agenda will feature internationally recognized keynote speakers as well as experts from across the county to lead breakout sessions on featured industry topics.

Cyber Texas (San Antonio, Texas, USA, August 1 - 2, 2017) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals & job creation; build strong relationships with other U.S. and International geographies focused on cyber ecosystem development; bring national and international resources to the region to showcase Texas-based cyber assets; identify and encourage business opportunities within and outside of Texas; and create long-term value for the cyber security ecosystem of San Antonio and the State of Texas.

Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 8, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Chicago Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Chicago is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

PCI Security Standards Council: 2017 Latin America Forum (Sao Paulo, Brazil, August 9, 2017) Join your industry colleagues for a full day of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Latin America Forum (LAF).

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

More on Petya, whose newer names include ExPetr and Nyetya, and which looks more wiper than ransomware. WikiLeaks is back, and so are the ShadowBrokers.