Cyber Attacks, Threats, and Vulnerabilities
NotPetya used NSA exploits even before release by Shadow Brokers (Computing) New research from security firm F-Secure suggests that NotPetya malware was made six months ago using NSA exploits before they were released by hackers
Petya: “I Want To Believe” (News from the Lab) There’s been a lot of speculation and conjecture around this “Petya” outbreak. A great deal of it seems to have been fueled by confirmation bias (to us, at least). Many things abo…
His ‘Petya’ Code Was Used in a Global Cyber Attack, Now He Wants to Help (The Daily Beast) The James Bond baddie-inspired ‘Janus’ began selling his ransomware in spring 2016. Now a modified version is wreaking havoc—and he says it wasn’t him, and he wants to crack it.
Petya, PetrWrap, GoldenEye, and WannaCry: a ransomware pandemic scorecard. (The CyberWire) The malware pandemic that broke out of initial infections in Ukraine on Tuesday, June 27th, is the familiar Petya ransomware, modified to incorporate the EternalBlue exploit. Here's a rundown, with commentary by the experts.
This is What It Looks Like When You Get Hit with the NotPetya Ransomware (Motherboard) It's almost impossible to recover your files.
Is this Petya, NotPetya, GoldenEye, ExPetr, or PetrWrap? (Forcepoint) Forcepoint Security Labs will continue to refer to this as a Petya outbreak, although other vendors have chosen to apply additional or alternative names to it.
Petya: The Sophisticated and Multi-Pronged Ransomware Attack (Recorded Future) A new cyber attack that is quickly spreading throughout the world appears to be delivering ransomware and a trojan information stealer.
Petya Wormed Ransomware Causes Havoc (Netskope) A wormed version of the Petya/GoldenEye ransomware family has been found to be propagating via the SMB exploit patched in MS17-010 (AKA EternalBlue). This is the same vulnerability exploited by...
The NotPetya Global Pandemic (CyberArk) In May 2017, WannaCry took advantage of an exploit in the Windows operating system to usher in a cyber security pandemic – ransomware that can spread its infection like a traditional worm.
Technical Analysis of Petya Ransomware Propagation (Alcavio) "Petya" is the most recent ransomware strain and is spreading quickly despite available Microsoft Windows patches.
Petya Ransomware Outbreak - June 27, 2017 (Cloud Security Solutions | Zscaler) One month after the WannaCry outbreak, we are seeing another widespread ransomware outbreak, possibly involving the Petya ransomware family variant.
Petya: Recommendations for defense and remediation. (The CyberWire) What can enterprises do, now, to protect themselves against Petya and the other, similar attacks soon to follow?
NotPetya attacker can't provide decryption keys, researchers warn (Help Net Security) The installation key (ID) that the victims need to provide in order to get the decryption key back is a useless, randomly generated string.
Patch management could have stopped NotPetya attacks: Verizon (IT World Canada) Good patch management could have stopped the spread this week of the NotPetya ransomware
Practical Steps for Petya Ransomware Protection (Revolutionary Security) You may have heard that there is a new ransomware campaign leveraging the EternalBlue (MS17-010) exploit from the recent Shadow Brokers leaks.
Deconstructing Petya: how it spreads and how to fight back (Naked Security) It’s been 24 hours since the outbreak first hit: here’s what we know now about how Petya behaves
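The defense and remediation items above all come back to the same first check: is SMBv1 still enabled and reachable on the host, and has MS17-010 been applied? The following PowerShell is an added example for this digest, not code from any of the linked articles. It assumes a Windows 8.1/10 or Server 2012 R2+ host with the SmbShare and DISM modules, and an elevated session; it deliberately does not hard-code MS17-010 KB numbers, because those differ per OS build and are superseded by later cumulative updates, so a Get-HotFix lookup alone is not a reliable patch-status check.

```powershell
# Added example: audit a Windows host for the SMBv1 exposure that the
# Petya/NotPetya worm abused via MS17-010 (EternalBlue), and optionally
# disable SMBv1. Run elevated. Function and property names below are the
# real Windows cmdlets; the audit object shape is this example's own choice.

function Get-Smb1Exposure {
    [CmdletBinding()]
    param()

    $server = Get-SmbServerConfiguration
    $result = [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = $server.EnableSMB1Protocol   # $true means the SMBv1 server is on
        Smb1FeatureState  = $null                         # Windows optional feature state, if queryable
        Port445Listening  = $false                        # worm propagation needs TCP/445 reachable
    }

    # Optional-feature view of SMBv1 (Windows 8.1/10, Server 2012 R2 and later).
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    if ($feature) { $result.Smb1FeatureState = $feature.State.ToString() }

    # Is the SMB port actually listening? A firewall may still block it from other hosts.
    $listener = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
    $result.Port445Listening = [bool]$listener

    return $result
}

function Disable-Smb1 {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMBv1 server protocol')) {
        # Turn off the SMBv1 server and remove the optional feature; a reboot
        # completes the feature removal, which is why -NoRestart is used here.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
}

$exposure = Get-Smb1Exposure
$exposure | Format-List

if ($exposure.Smb1ServerEnabled) {
    Write-Warning 'SMBv1 is enabled. Confirm MS17-010 (or a later cumulative update) is installed, then disable SMBv1.'
    Disable-Smb1 -WhatIf   # drop -WhatIf to apply the change
}
```

Disabling SMBv1 removes the transport EternalBlue rides on, but it is not a substitute for patching: the Petya variant also spread with harvested credentials over legitimate administrative channels, so the patch check and credential hygiene from the recommendations above still apply.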
10 Things You Need to Know About NotPetya (Note: Don’t Pay the Ransom) (Cyxtera) Europe woke up Tuesday to massive attacks on both governments and some of the world’s largest brands.
NotPetya is designed to destroy, says Malwarebytes (Computing) It is a scam and you will never get your money back
How collective defense can work. (The CyberWire) As they did two weeks ago with CrashOverride, the ISACs appear to be working as advertised.
Ukrainian Spooks Call in FBI, NCA and Europol (Infosecurity Magazine) Ukrainian Spooks Call in FBI, NCA and Europol. Race to unmask ‘Petya’ threat actors intensifies
NITDA, others raise alert as ‘GoldenEye’ paralyses businesses (Guardian (Nigeria)) National Information Technology Development Agency (NITDA) and other cyber security firms have alerted Nigerian companies on the rampaging ransomware attacks called Petya or ‘GoldenEye’.
When sharing isn't caring. (The CyberWire) There's been a tendency to romanticize leaking and even espionage.
Cyber attacks on banks and companies in Russia and Ukraine (hearZONE) For the second time within two months, a massive attack with extortion software has hit companies around the globe.
Policy, conflict, attribution, and preparing for more to come. (The CyberWire) Ukrainian authorities have their suspect, but attribution isn't going to be simple. What's clear, however, is that more such attacks can be expected.
Decrypting the Motivations Behind NotPetya/ExPetr/GoldenEye (Dark Reading) Experts discuss the methods and targets involved in this week's massive malware outbreak to figure out what motivated attackers.
Thoughts on the on-going global cyber attacks as they affect industrial control systems (ICSs) (Control Global) With ICSs, we are in a very uneven battle.
Petya: Is it ransomware or cyberwarfare? (CSO Online) It turns out Petya isn't ransomware, but a cyber weapon being used to carry out cyberwarfare activities.
Pnyetya: Yet Another Ransomware Outbreak (Medium) Hiding the small movement inside the big movement
Global cyber attack likely cover for malware installation in Ukraine: police official (Reuters) The primary target of a crippling computer virus that spread from Ukraine across the world this week is highly likely to have been that country's computer infrastructure...
Cyber-attack was about data and not money, say experts (BBC News) They point to "aggressive" features of the malware that make it impossible to revive key files.
Top experts at Tel Aviv conference keep close eye on global cyber attack (The Jerusalem Post) One name kept coming up when it comes to who may be behind the global attacks.
Why this ransomware attack is more alarming than the last (Marketplace) Chester Wisniewski, senior security researcher with Sophos, talks to us about the latest cyber breach.
Ransomware's global epidemic is just getting started (CNET) WannaCry should have been a major warning to the world about ransomware. Then the GoldenEye strain of Petya ransomware arrived. What’s next?
Ransomware Attack on DLA Piper Puts Law Firms, Clients on Red Alert (The American Lawyer) The implications of network-crippling malware may be just as damaging for a deadline-driven service industry that holds the fate of companies’ legal issues i...
Fears of hackers targeting US hospitals, medical devices for cyber attacks (ABC News) Experts are warning that not only is the ransomware problem getting worse, but hospital computers and medical devices are vulnerable to hacking.
First Maersk ship docks in NZ after cyber attack (Stuff) Shipping giant Moller-Maersk assures NZ ports and freight firms its operations are intact despite cyber attack.
Global shipping feels fallout from Maersk cyber attack (Reuters) Global shipping is still feeling the effects of a cyber attack that hit A.P. Moller-Maersk (MAERSKb.CO) two days ago, showing the scale of the damage a computer virus can unleash on the technology dependent and inter-connected industry.
Cyber attack 'worst possible timing' for Gothenburg port (The Local (Sweden)) Trouble-hit Gothenburg harbour is still struggling to get its services up and running after shipping mammoth Maersk was hit by a cyber attack.
CIA May Have Developed Linux Malware (Infosecurity Magazine) The latest Vault 7 dump on WikiLeaks, dated 29 June 2017, contains a document on Linux malware the CIA may have developed, named OutlawCountry
Shadow Brokers Group Leaks Stolen National Security Agency Hacking Tools (NPR) Last August, hacking tools were stolen from the National Security Agency. Now, those tools are being used in a number of cyber attacks around the world, and there's mounting pressure on the NSA to do something.
Shadow Brokers hike prices for stolen NSA exploits, threaten to out ex-Uncle Sam hacker (Register) Also starts mysterious VIP service for $130,000
Ransomware Attacks Continue in Ukraine with Mysterious WannaCry Clone (BleepingComputer) A fourth ransomware campaign focused on Ukraine has surfaced today, following some of the patterns seen in past ransomware campaigns that have been aimed at the country, such as XData, PScrypt, and the infamous NotPetya.
Cerber Renames Itself as CRBR ENCRYPTOR to Be a PITA (BleepingComputer) Ransomware developers are really trying to screw with us this week. This is shown with the CERBER Ransomware suddenly deciding to change its name to CRBR Encryptor. It's bad enough what they do with victims, now they just want to be a PITA?
Iraqi leader says ISIS is at its end; the US military says not so fast (Washington Examiner) 'We are seeing the end of the fake Daesh state, the liberation of Mosul proves that,' Iraqi Prime Minister Haider al-Abadi said.
Azure AD Connect vulnerability allows attackers to reset admin passwords (Help Net Security) An Azure AD Connect vulnerability could be exploited by attackers to gain unauthorized access to on-premises AD privileged user accounts.
Hacking nuclear submarines – how likely is the nightmare scenario? (Naked Security) Nuclear submarines run on Windows XP – but is that the ships’ weakest point?
MoD: HMS Queen Elizabeth Will Not Have Windows XP Systems When Operational (Silicon UK) UPDATED: MoD squashed concerns that legacy software in the Navy's latest aircraft carrier leave it open to cyber attacks
Hackers breached a US nuclear power plant's network, and it could be a 'big danger' (Business Insider) This breach "could lead to another attack that could be more serious," one cybersecurity expert said.
Critical Infrastructure Protection (CIP): Security problems exist despite compliance (CSO Online) CIP is just one of 14 mandatory NERC standards that are subject to enforcement in the U.S.
Who was to blame for what looked like a DDoS attack on the AA? That would be … the AA (Naked Security) AA members not unreasonably complied when they received an email warning them to change their passwords … but the AA’s servers couldn’t cope
This Dark Web Site Creates Robocalls to Steal People’s Credit Card PINs (Motherboard) A new service offers cybercriminals automated social engineering as a service.
This Retail Website Considers Password Security Optional (Threatpost) The glaring privacy issues tied to an online health and beauty retailer allow customers to log in to their user accounts with just their email address – no password needed.
Security Patches, Mitigations, and Software Updates
Windows 10: Microsoft's new Insider Preview is packed with security features (ZDNet) Microsoft doubles down on enterprise security features ahead of the Windows 10 Fall Creators Update.
Cyber Trends
Cyber, electronic warfare blur tactical, strategic lines (C4ISRNET) The Army is working to test new technologies to help inform requirements, doctrine and operational concepts in the cyberspace domain.
Survey: Security Incidents like WannaCry Happen Multiple Times a Year (Healthcare Informatics) Nearly half of cybersecurity professionals in a recent survey said that there have been other security incidents like the recent WannaCry attack that they worked on just as frantically without the public ever hearing about it.
Guidance Software Security Report Finds a Growing Number of Enterprises Are Preparing for Breaches While Managing Increasing Security Challenges (BusinessWire) Guidance Software announces IT and security survey results, finding that companies are preparing to respond to a major breach in the coming year.
SMBs Focus on Endpoint Security while Large Enterprises Prioritize Data Security, Says Netwrix Survey (Netwrix) Despite having different approaches to security, only a quarter of SMBs and large organizations alike claim to be well prepared to beat cyber risks.
Druva Releases Annual Enterprise Ransomware Report (Druva) Ransomware attacks are on the rise; half of businesses infected once will be hit again; 82 percent of companies attacked turn to backup to recover; 33 percent of ransomware attacks target servers
Laptops hold more sensitive data, but they’re less protected than smartphones (Alertsec)
Top cloud challenges: Security, compliance, and cost control (Help Net Security) The cloud is not living up to expectations because of compliance and security concerns, downstream costs, and cloud management tools on the market.
Marketplace
Silicon Valley security 'unicorn' takes steps towards an IPO (Silicon Valley Business Journal) Cloud security business Zscaler Inc. is reportedly interviewing potential underwriters for an IPO that could value it at about $2 billion.
Startup Takes AI Approach as Cyber Threats Mount (Datanami) Little else has worked lately when it comes to cybersecurity, prompting a startup and its backers to give artificial intelligence a shot. A group of indust
IBM and Cisco Systems: these two tech titans could actually make a cyber security partnership work (Verdict) Even the largest cyber security vendors can use all the help they can get with ransomware attacks like Petya and WannaCry becoming scarily common.
Tracing Raytheon’s Bold Launch into the Fifth Domain (The Cipher Brief) Raytheon, one of the U.S. government’s largest defense contractors, is known for making bold competitive moves.
Bishop Fox Ranked Among "Top Companies to Work for in Arizona" for Fourth Consecutive Year (PRNewswire) Bishop Fox announced today that it has been named to the list of "Top...
Products, Services, and Solutions
New infosec products of the week: June 30, 2017 (Help Net Security) Featured infosec products this week include releases from Akamai, Comodo, Indegy, NXP Semiconductors, and Objective Development.
Cylance Signs Distributor Agreement with Toshiba (BW CIOWORLD) Toshiba launches sales of CylancePROTECT AI-driven antivirus solution
Palo Alto Networks Virtualized Data Center Ultimate Test Drive (Breaking Defense) Interested in taking a Palo Alto Networks virtualized next-generation firewall product for a test drive?
Customers and Partners Turn to Zscaler to Secure SD-WAN Implementations (Marketwired) Zscaler grows partner ecosystem for secure, easy, and cost-effective local Internet breakouts
GoDaddy Introduces New Small Business Security Features (Small Business Trends) If you have a small business website, you know how dangerous malware and viruses can be.
Stopping Online Predators in Their Tracks with Help from Cybersleuth Investigations (Morningstar) That person you're talking with on Twitter, LinkedIn or Facebook may seem like your perfect soulmate, but in reality, they're the perfect nightmare.
Technologies, Techniques, and Standards
The next frontier of cyber governance: Achieving resilience in the wake of NotPetya (Help Net Security) Here’s how organizations can get ahead of existential threats and lead the charge in the next frontier of cyber governance.
DHS' 72-hour marathon to keep agencies, industry safe from WannaCry (FederalNewsRadio.com) Jeanette Manfra, acting undersecretary for cybersecurity at DHS, offered a look into the steps DHS took to keep federal agencies safe from WannaCry.
Combat Training Center rotations continue to drive evolution of Army Cyber-Electromagnetic Activities (DVIDS) The Army Cyber Command-led initiative to develop Cyber-Electromagnetic Activities (CEMA) in Army tactical units has come a long way since its inception as a pilot program in 2015.
Defending Against a Cyberattack on Democracy (Roll Call) Congressional campaigns rocked by Russian interference in the 2016 election are trying to make sure that it never happens again. Campaigns and elections are top targets for future cyberattacks. So campaign committees and campaigns themselves are taking steps to bolster security staff and training.
The role of web filtering in a modern security architecture (Help Net Security) The greatest challenge for a web filtering vendor is always going to be speed, followed closely by comprehension, according to Smoothwall.
Why the GDPR is good for you (Computing) With consumer trust at an all-time low, when companies embrace the privacy principles that underpin GDPR they will attract more customers
Design and Innovation
Post-quantum cryptography on smart cards demonstrated by Infineon (SecureIDNews) Infineon successfully supported an instance of next-generation, post-quantum cryptography (PQC) on smart cards using an off-the-shelf contactless chip.
Legislation, Policy, and Regulation
Egypt has blocked over 100 local and international websites including HuffPost and Medium (Quartz) They include Medium, Huffington Post, and Al Jazeera
There’s No Space for Qatar to Save Face (Foreign Policy) As the crisis in the Gulf heats up, the impossible demands made by the Saudis and Emiratis virtually ensure that things will get ugly.
Try as it may, Trump administration can't avoid Qatar crisis (Military Times) It's the geopolitical crisis the Trump administration just can't quit.
How to negotiate the Qatar crisis (NY Daily News) Saudi Arabia has finally announced its demands for ending its maritime blockade, enforced by sea and air...
There is No Other Way with Pakistan (War on the Rocks) In the midst of the Trump administration developing its policies on Afghanistan and Pakistan, experts in Washington are divided. The key question seems to
With bank sanctions and arms sales, US hardens line on China (Military Times) The Trump administration hardened its approach to China on Thursday, blacklisting a small Chinese bank over dealings with North Korea while approving more than a billion dollars in military sales to Taiwan.
Trump to Meet With Putin at G-20 Gathering Next Week The White House would not say whether the issue of Russia’s meddling in last year’s election would be directly addressed at the meeting.
Pentagon: Russia Very Much a Threat to the United States (Foreign Policy) In a new report, the Defense Intelligence Agency highlights Moscow’s fear of regime change and increased military spending as reason to take Russia seriously.
Pentagon Report: Kremlin Believes U.S. Wants Regime Change In Russia (RadioFreeEurope/RadioLiberty) Kremlin leaders believe the United States wants regime change in Russia, a worry that is feeding rising tensions between the two former Cold War foes, a U.S. defense intelligence report said on June 28.
Russia doesn't rule out retaliation if U.S. bans Kaspersky products (Reuters) Russia does not rule out retaliatory measures if the United States bans Moscow-based cyber security firm Kaspersky Lab's products, RIA news agency cited Russia's Communications Minister Nikolai Nikiforov as saying on Thursday.
H.R. McMaster: Omission of Article 5 commitment from Trump speech a 'manufactured controversy' (Washington Examiner) 'The president is absolutely committed to our treaty.'
Australia creates military cyber unit to expand hacking attacks (Reuters) Australia has created its first military cyber division, a government minister said on Friday, seeking to expand hacking attacks on foreign enemies including Islamic State.
Why the NSA Makes Us More Vulnerable to Cyberattacks (Foreign Affairs) When the U.S. government discovers a vulnerability in a piece of software, it can either keep it secret or it can alert the software vendor. In the case of WannaCry ransomware that spread throughout the Internet earlier this month, the NSA found the vulnerability years ago and decided to exploit it rather than disclose it.
What is needed to split NSA and Cyber Command? (C4ISRNET) In this first of a four-part series, we examine what Cyber Command needs to operate as its own, independent entity.
Here’s what Cyber Command’s war-fighting platform will look like (C4ISRNET) Cyber Command will need its own infrastructure and platform to conduct its mission separate from what it currently shares with the NSA.
Senate zeros out funding for US Army’s battlefield network (Defense News) The Senate Armed Services Committee, in its fiscal year 2018 policy bill, has zeroed out funding for the Army’s battlefield network.
The Encryption Debate Should End Right Now (WIRED) When law enforcement argues it needs a “backdoor” into encryption services, the counterargument has typically been that it would be impossible to limit such access to one person or organization.
Litigation, Investigation, and Law Enforcement
Dem rep demands info on ransomware attack from NSA (TheHill) Rep. Ted Lieu (D-Calif.) is calling on the National Security Agency (NSA) to release what it knows about a massive ransomware attack that surged across the globe this week.
Kremlin urges international action to combat cyber crime (Yeni Şafak) Cyber attacks like the one which hit Russia and other countries on Tuesday underline the need for a concerted international action to fight cyber crime, Kremlin spokesman Dmitry Peskov said on Wednesday.
Six held in Spain, UK and Germany in anti-jihadist raids (BBC News) Among those arrested is a man in Birmingham described as a Salafist imam.
Sexism in terrorism: How reporting on women's acts of violence distorts reality (Middle East Eye) The media's coverage of terrorist acts perpetrated by women often distorts their motivations. It's time female terrorists are given agency for their participation in violence.
Facebook moderators can inspect private messages of users suspected of terror links (Help Net Security) Facebook's human moderators have the final say on whether there is a need to remove content or if law enforcement needs to be notified of a threat.
Twitter's Meme War Isn't About Civility, It's About Money (WIRED) If you're a fan of online music journalism, Tuesday was not a great day.
A new report raises some big questions about Michael Flynn and Russian hackers (Vox) The Wall Street Journal describes how one Trump supporter reached out to hackers — and dropped Flynn’s name.
Bush administration official blasts Trump over Russia (Reuters via Yahoo!) A former U.S. diplomat who served under Republican President George W. Bush criticized the Trump administration on Wednesday for failing to do more to investigate allegations that Russia sought to meddle in the 2016 U.S. election.
Windows 10 snooping: Microsoft has halved data it collects from PCs says watchdog (TechRepublic) The French regulator CNIL announced that Windows 10 now complies with the country's data protection laws, following changes to how the OS handles user privacy.
Canadian Supreme Court Says It's Fine To Censor The Global Internet; Authoritarians & Hollywood Cheer... (Techdirt) For the past few years, we've been covering the worrisome Google v. Equustek Solutions case in Canada. The case started out as a trademark case, in which Equustek claimed that another company was infringing on its trademarks online.
Mexican politicians targeted with spyware, research shows (TheHill) Citizen Lab releases new research on government spyware deployed against targets in Mexico.
Turkish journalists 'humiliated' by Israeli security at cyber conference (The Jerusalem Post) Turkish journalists were shocked by their treatment at the hands of Israeli security just as Israeli and Turkey are trying to normalize relations.
Microsoft-Led Investigation Results in Arrest of Four Tech Support Scammers (BleepingComputer) City of London Police announced they arrested four suspects, two men, and two women, on accusations of running tech support scams.