The CyberWire Daily Briefing 7.5.17

Summary

By The CyberWire Staff

The Petya/Nyetya/NotPetya attack on Ukraine (with either intentional or collateral damage throughout most of the rest of the world) is tied more closely to Russian services as researchers find links to the BlackEnergy APT group.

In Ukraine itself the incident has moved into its law enforcement phase as police seize servers belonging to Intellect Service, the small "family owned" software outfit whose ME Doc accounting product appears to have been the initial source of Petya/Nyetya/NotPetya infestations. Intellect Service denies having anything to do with the attack, and says their code was clean when they released it.

A Bitcoin wallet associated with the campaign was emptied of the $10,000 it contained, and the apparent threat actors have made more noises about recovering your files, but caveat lector—consensus is that Petya/Nyetya/NotPetya was destructive in intent, and that the files it hit aren't coming back.

The shipping and logistics industry does some security introspection as sector leader Maersk returns more-or-less to normal. Self-examination surfaces uncomfortable insights.

Two cryptocurrency services—the Bithumb exchange and client-side Ethereum wallet Classic Ether—have come under attack. Bithumb users lost both Bitcoin and Ethereum; Classic Ether Wallet's website was hijacked.

Trend Micro has updates on SLocker ransomware—and it is actually ransomware—which is now mimicking WannaCry.

Researchers at Sucuri have found an SQL-injection flaw in a widely used WordPress plugin: WordPress Statistics.

H.I.G. Capital will acquire NCI for $283 million—said to represent a significant discount over the US Federal contractor's price at Friday's closing bell.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, China, Republic of the Congo, Estonia, France, Germany, India, Ireland, Italy, Republic of Korea, Israel, Lithuania, Isle of Man, NATO/OTAN, New Zealand, Romania, Russia, Samoa, Sweden, Tajikistan, Turkey, Ukraine, United Kingdom, United States, and and Zimbabwe.

On the Podcast

In today's podcast, we hear from our partners at Lancaster University as Awais Rashid presents a lesson on the anatomy of attacks. Our guest, Haiyan Song from Splunk, discusses Splunk's recent report "Investigation or Exasperation? The State of Security Operations."

Sponsored Events

BSides Las Vegas (Las Vegas, Nevada, USA, July 25 - 26, 2017) BSides Las Vegas isn’t another “talk at you” conference. Everyone at BSides is a participant. Track after track, year after year, the security researchers, engineers, analysts and managers that present at BSidesLV are looking to engage our participants and be engaged by them. Our presenters don’t talk at you, they converse with you. Come join the conversation!

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Researchers Find BlackEnergy APT Links in ExPetr Code (Threatpost) Researchers have found links between the BlackEnergy APT group and threat actors behind the ExPetr malware used in last month’s global attacks.

Hackers Connected to NotPetya Ransomware Surface Online, Empty Bitcoin Wallet (Motherboard) Whoever is in control of the NotPetya bitcoin wallet has moved around $10,000 of funds, and a mysterious group has offered to unlock all of the ransomed files.

Cyber-Security Experts View Petya Malware as Nation-State Attack (eWEEK) Security experts in the U.S and Europe are debating whether the Petya cyber-attack that mainly affected computers in Ukraine, was nation-state inspired and originated in the Russian Federation.

A system wiper with no recourse: Researchers discover what NotPetya attack was really after (Security Brief) ESET senior research fellow Nick FitzGerald says that NotPetya was most likely a state-sponsored attack through malware.

The day a mysterious cyber-attack crippled Ukraine (BBC) Last week, an online attack brought chaos to Ukraine’s banks, hospitals and government – its creators’ intent was apparently disguised, so what was the aim?

NotPetya Ransomware Hackers 'Took Down Ukraine Power Grid' (Forbes) Ukraine has placed the blame for last week's ransomware outbreak on Russia. The allegations came as multiple cybersecurity companies claimed there were links between the so-called NotPetya ransomware and hackers who previously targeted power providers and shut down electricity across the country, most infamously in December 2015 and then again on a smaller scale a year later.

Analysis of TeleBots’ cunning backdoor (WeLiveSecurity) Analysis of TeleBots’ cunning backdoor: This article reveals details about the initial infection vector that was used during the DiskCoder.C outbreak.

PetrWrap Technical Analysis Part II: Further Findings and Potential for MBR Recovery (CrowdStrike) This technical analysis of the PetrWrap threat yields clues regarding how the attack unfolds, and the possibility of recovering the Master Boot Record.

NotPetya Ransomware Frequently Ask[ed] Questions (FAQ) (IT Security Guru) A new outbreak of ransomware, a form of malware which encrypts your files and demands a ransom payment to recover them, has hit organisations globally. It appears to be a derivative of the previously seen Petya ransomware, but with some differences. Many researchers have cast doubt on whether this really is a variant of Petya or something just designed to look like Petya, hence it has been dubbed NotPetya.

Latest malware attack exposes cybersecurity weaknesses (TheHill) A fast-spreading computer virus that ravaged data systems in Europe and the United States earlier this week has again raised questions about whether United States businesses and organizations are prepared for cyber threats.

Cyberweapon disguised as ransomware: How NotPetya could lead to war (Moneycontrol) “If the operation could be linked to an ongoing international armed conflict, then law of armed conflict would apply, at least to the extent that injury or physical damage was caused by it, and with respect to possible direct participation in hostilities by civilian hackers, but so far there are reports of neither,” said Tomáš Minárik, researcher at NATO CCD COE Law Branch.

Opinion | When Cyberweapons Go Missing (New York Times) The National Security Agency is so shrouded in mystery that it’s not even clear whether it knows how its weapons were stolen.

It’s time for the NSA to speak up about its stolen cyber weapons (Salon) Two global attacks in six weeks using the NSA's cyber weapons. Shouldn't they be held accountable?

Maersk brings major IT systems back online after cyber attack (Reuters) Danish shipping giant A.P. Moller-Maersk (MAERSKb.CO) said it had restored its major applications, as it brings its IT systems back online after being hit by a major cyber attack last week.

As Maersk gets back to work, shipping’s dire cyber security is laid bare - (Splash 247) Maersk’s IT team worked throughout the weekend to get systems back on track for the company in the wake of last Tuesday’s cyber attack and today operations at Maersk Line and APM Terminals are largely back to normal. However, a report out yesterday warns global carriers are severely under prepared for any future attack.

Shipping must learn from Maersk cyber attack – tighten security or be next, warning (Load Star) The shipping industry must learn from last week’s cyber attack on Maersk, say analysts, and the line’s chief commercial officer, Vincent Clerc, said the line would “have to ask ourselves some tough questions”.

Breach at US nuclear plants raises concerns in wake of Petya (Naked Security) With Chernobyl among those hit by Petya and the US breach, concerns are rising about the potential effect of weaponised exploits being used against nuclear energy infrastructure

Was a Palestinian hacker behind cyberattack on Israeli hospitals? (JerusalemOnline) ESET cyber security researchers are claiming that the virus that attacked computers in two Israeli hospitals last week was released by a hacker who identifies as a Palestinian. The virus is a spy tool designed to extract information.

SLocker Mobile Ransomware Starts Mimicking WannaCry (TrendLabs Security Intelligence Blog) Early this month, a new variant of mobile ransomware SLocker (detected by Trend Micro as ANDROIDOS_SLOCKER.OPST) was detected, copying the GUI of the now-infamous WannaCry.

AV-Test: Ransomware is a “Marginal Phenomenon” (Infosecurity Magazine) AV-Test: Ransomware is a “Marginal Phenomenon”. German institute says it comprised less than 1% of malware last year

Germany big target of cyber espionage and attacks, says government report (CNBC) Germany is a big target of spying and cyber attacks by foreign governments such as Turkey, Russia and China, a government report said on Tuesday, warning of "ticking time bombs" that could sabotage critical infrastructure.

Pre-Installed Software Flaws Expose Dell Systems to Code Execution (Security Week) Flaws in pre-installed software expose Dell systems to attacks that could result in the disabling of security mechanisms, privilege escalation, and arbitrary code execution within the context of the application user.

SQL injection vulnerability found in popular WordPpress plug in, again (SC Media UK) Security researchers have found yet another SQL injection vulnerability in a WordPress plugin.

How does the Antbleed backdoor vulnerability work? (SearchSecurity) Antbleed is a backdoor vulnerability in bitcoin mining tools from Bitmain. Here's a look at how that flaw works and how to uncover this type of issue.

MPs Targeted by Vishers Following Parliament Attack (Infosecurity Magazine) MPs Targeted by Vishers Following Parliament Attack. Phone fraudsters pose as IT technicians in bid to get log-ins

Now criminals are ringing up British MPs to ask them their passwords (Graham Cluley) Passwords are supposed to be secret. However nicely someone asks you, don't tell them your password.

Fourth Largest Cryptocurrency Exchange Was Hacked. Users Lose Ethereum & Bitcoin (BleepingComputer) Bithumb, the world's fourth largest cryptocurrency exchange by volume, confirmed a security incident during which an unknown hacker was able to make off with an yet undetermined amount of funds.

Classic Ether Wallet Hacked, Users Report Massive Losses (BleepingComputer) An unknown attacker has gained control over the web domain of Classic Ether Wallet, a client-side wallet system for the Ethereum Classic (ETC) cryptocurrency.

Issues about bitcoin everyone should know (Newsedges) Like a huge wave that’s expanding with each mile, Bitcoin is gaining more and more popularity, respectively its exchange rate is increasing as well ($1800 per BTC on May 16, according to CEX.IO bitcoin exchange).

Overview of Bitcoin Alternatives (Technology.org) Bitcoin is known as ‘digital gold’ and is by far the most popular cryptocurrency. However, it is slowly losing its dominance in the market to some great alternatives. Bitcoin has seen some great success, but it has its problems, and it’s now becoming clear that it’s not suitable for every application.

Data of Google Employees Exposed in Sabre Breach (BleepingComputer) The personal details of a small number of Google staffers have been exposed, according to a notification letter Google has started sending to affected employees.

Medical devices at risk: 5 capabilities that invite danger (CSO Online) It isn't just certain connected medical devices that put patient data and physical safety at risk, it's specific capabilities and systems within which they operate that make them a broad, and vulnerable, attack surface.

'Smishing' scams target your text messages. Here's how to avoid them (USA TODAY) Marc Saltzman talks about how to curb cyber scammers and cyber-criminals who attack through your cell phone SMS messages.

What It's Like When Pro Phishers Assail Your Inbox (WIRED) On a typical morning I have about 30 new emails in my personal inbox, and 40 in my work account. You know how it is. I archive what I don't want, scan part of a newsletter, click through to a coworker's Google Doc, and click "track my package" more often than I'd like to admit. It's all pretty standard stuff.

Security Patches, Mitigations, and Software Updates

GnuPG crypto library cracked, look for patches (Register) Boffins bust libgcrypt via side-channel

Siemen rushes to patch IoT devices against Intel AMT flaw (IT PRO) Industrial control devices vulnerable to remote attack

After Ransomware Attack, Windows XP Is Not Back From the Dead (New York Times) Microsoft recently issued an emergency patch for the operating system it retired in 2014, but the company has no plans to restore full support.

Windows 10 will use protected folders to thwart crypto ransomware (Help Net Security) Windows 10 Fall Creators Update is scheduled to be released in September, and will come with major new end-to-end security features.

Microsoft will pester you to install the Windows 10 Creators Update (pcgamer) If you're not running the Creators Update, get ready for pesky pop-ups.

Cyber Trends

Top 10 Most Hackable Countries In The World In 2017 (Fossbytes) Cyber attacks are on the rise. Rapid7's National Exposure Index throws light on how vulnerable are individual countries to attacks, like DDoS, eavesdropping, etc. According to the report featuring data for 183 countries, Zimbabwe is the most exposed.

Cyber is broken (LinkedIn) Massively complex, broken enterprise networks are driving spending on cyber security, and dragging the rest of us along for the ride.

Only half of CIOs updated security after WannaCry: report (CRN Australia) A quarter say they have experienced ransomware attacks.

Cyber attacks 'rife' in Australia (Financial Review) The Australian CEO of the world's largest cyber security firm has warned that unreported ransomware attacks are "rife" in Australia.

65% of major US banks have failed web security testing (IBS Intelligence) Websites run by some of the largest banks in the US have scored the poorest in a new security and privacy analysis audit.

Small businesses 'dying' because of cyber threat (UKFast) Secarma MD Paul Harris says half of all cyber-attacks are upon small firms, which often don’t take the threat seriously enough

Marketplace

The Cost Of A Data Breach Can Be An Expensive Headache (ARC) The prevalence of cybercrime is part of the digital economy but data breach costs can be more than just a financial outlay.

Manufacturers Buying More Cyber Insurance (EBN) Cyber attacks are no longer limited to front office interactions with individual customers. The amount of data now integrated into smart products, manufacturing equipment and other machines that keep operations running is a sweet temptation for hackers. The threat of a cyber-attack and potential fallout after a security breach poses new risks manufacturers should consider and act on.

Petya’s Role in the Recent Cybersecurity Stock Surge (Market Realist) Several prominent cybersecurity stocks rose on Wednesday, June 28, following the Petya ransomware attack. FireEye stock (FEYE) rose 1.6% to $15.66, while Barracuda Networks (CUDA) rose 1.5% to $22.94, and Check Point Technologies (CHKP) rose ~1% to $112.11.

Cyber-Security Startups Score Big Rounds of Venture Funding in June (eWEEK) Multiple security vendors raised more than $100 million in June, the most active month for cyber-security startup funding so far in 2017.

Cisco is relieved the FTC stepped in to protect it from its competitor (Business Insider) The FTC is putting a special watchdog in place when Cisco's major chip supplier, Broadcom, buys one of Cisco's competitors, Brocade.

Cisco: More Than A Touch Of Irony (Seeking Alpha) Announcement by Cisco and Apple of an effort to secure cyber security insurance discounts for customers raises many issues which negatively impact Cisco's valua

Commentary: Merits of Cisco acquisition policy (Digitimes) There have been diverse opinions about Cisco Systems' continued acquisition policy for over the past 25 years, with one of the opinion groups even arguing that the operating benefits derived from these acquisition projects have been limited, or less sucessful than expected. But for Cisco, this is simply not true.

NCI agrees to be acquired by H.I.G. Capital for about $283 million in cash (MarketWatch) NCI Inc. NCIT, -4.98% which offer IT services to federal government agencies, said Monday it has agreed to be acquired by funds managed by a unit of private-equity firm H.I.G. Capital for about $283 million in cash.

NCI sale to private equity firm comes at tough time for contractor (Washington Business Journal) The private equity firm has bought the Reston contractor for a discount compared with its Friday closing stock price.

Why Palo Alto Networks, Inc. Stock Climbed 12.8% in June (The Motley Fool) The network and enterprise security company popped after a strong quarterly report.

Short FireEye. Really? (Seeking Alpha) Catalysts for significant price movements are not fully hatched. FireEye will continue to trade on macro events until more data is made available on the success

Microsoft job losses feared in cloud-focused global restructure (CRN Australia) Part of cloud-focused sales reorganisation.

Defense Industry Race to Buy Hot Startups (Scout.com) In just one year, the nation’s largest defense contractor has injected close to $20 million into tech startups.

Md. cybersecurity council urges more state investment to combat attacks (Maryland Daily Record) Maryland has made progress in improving its cybersecurity environment but must do more to invest as cyberattacks increase, the first full report by the state’s cybersecurity council said.

Products, Services, and Solutions

Versasec Announces Partnership with Softshell in Europe (Versasec) Value-added distributor focuses on cybersecurity in Germany, Austria, Switzerland

Comodo and Domain Name Registrar Internet.bs Partner to Provide TLS/SSL Certificates (PRNewswire) Comodo, a global innovator and developer of cybersecurity solutions and...

How High-Tech Bridge uses machine learning (Help Net Security) The CEO at High-Tech Bridge illustrates how his company uses machine learning to reduce human time without impacting testing quality or liability.

Minerva protects endpoints with trickery and deception (CSO Online) Minerva's Anti-Evasion Platform targets the new breed of environmentally-aware malware. The idea is that most normal threats will be blocked by traditional antivirus and Minerva will stop anything that attempts to get around that protection.

Crypto SmartProtect - Cyber defence at the highest level (Presse Box) Conventional defences are not effective against highly professional cyberattacks on authorities, organisations and companies. Multi-stage security elements are required...

City of Mumbai Chooses Fortinet to Provide Wireless Internet Access to Citizens of India’s Commercial Capital and Largest City - NASDAQ.com (NASDAQ.com) Fortinet Security Fabric enables digital empowerment project and defends against threats from the Internet of things

Sure's award for security product (Manx Radio) CEO delighted Sure is recognised

Technologies, Techniques, and Standards

European cloud adoption continues despite security concerns (ComputerWeekly) Confusion reigns in European firms about security responsibility for cloud-based services, while investment in additional measures highlights ongoing concerns.

GDPR: who needs to hire a data protection officer? (Naked Security) The clock is ticking to GDPR – here’s our guide to the role of a data protection officer and whether you need to hire one

UK Councils Still Failing on GDPR Compliance Plans (Infosecurity Magazine) UK Councils Still Failing on GDPR Compliance Plans. Over half don’t have DPO, according to FOI request

The Problem with Data (Dark Reading) The sheer amount of data that organizations collect makes it both extremely valuable and dangerous. Business leaders must do everything possible to keep it safe.

HTTPS Certificate Revocation is broken, and it’s time for some new tools (Ars Technica) Certificate Transparency and OCSP Must-Staple can't get here fast enough.

Beyond public key encryption (A Few Thoughts on Cryptographic Engineering) One of the saddest and most fascinating things about applied cryptography is how little cryptography we actually use. This is not to say that cryptography isn’t widely used in industry &#8212…

Security's blind spot: The long-term state of exception (Help Net Security) Even a fully functioning and well-integrated security system will need to be monitored and adjusted over time, you always have to keep alert.

Rising information security threats, and what to do about them (Help Net Security) The current major and, unfortunately, rising threats are ransomware, CEO email attacks (BEC scams), and the exploitation of zero-day vulnerabilities.

Cyber Flag exclusive: What goes into validating a cyber team? (C4ISRNET) C4ISRNET was provided exclusive access to U.S. Cyber Command’s premier annual training exercise, Cyber Flag, in which 12 teams were used as the capstone toward reaching full operational capability.

Cyber training and education must be continuous [Commentary] (C4ISRNET) Considering the pace with which technology is advancing and implemented, it is easy to see just how essential continuing educations has become.

What SMBs can learn from WannaCry and the Vault 7 leaks (Computing) Do small businesses have anything to fear from the glut of anti-privacy tools?

‘Who is going to protect us?’ Solving one of cybersecurity’s biggest problems (Computer Business Review) Cybersecurity's skills shortage is no secret, yet there is a continuous and arguably increasing pressure to fire fight against proliferating cyber-attacks

Design and Innovation

Horcrux Is a Password Manager Designed for Security and Paranoid Users (BleepingComputer) Two researchers from the University of Virginia have developed a new password manager prototype that works quite differently from existing password manager clients.

In quest to replace Common Access Card, DoD starts testing behavior-based authentication (FederalNewsRadio.com) The Defense Department has started testing one potential technology to replace the Common Access Card.

Why are Microsoft’s chatbots all assholes? (BGR) If artificial intelligence is indeed the future, then Microsoft needs to be sent to the remedial boarding school upstate. Just one year after shuttering teen chatbot Tay because it became a racist …

Who cares about smart city security? (CSO Online) There is a fierce debate raging over smart city security, with one side fueling the hype while the other conjures nightmare scenarios. The trouble is that the debate is silent, siloed and unproductive.

Legislation, Policy and Regulation

Explaining Australia’s sharp turn to information warfare (Interpreter) Last week the Turnbull Government announced the creation of the country's modified version of a US Cyber Command.

EXCLUSIVE: Prime Minister talks exclusively to Crikey in this exclusive on The Cyber (Crikey) It's time for a dose of reality on cybersecurity ...

Knesset Panel Clears Bill Allowing Court to Censor Internet (Haaretz) Critics say the bill gives police and prosecutors too much power and doesn't ensure a transparent process read more: http://www.haaretz.com/israel-news/1.799335

NCSC Rolls out Active Cyber Defense Government Programs (Infosecurity Magazine) NCSC has announced the launch of four ‘Active Cyber Defencs’ programs to improve basic level of cybersecurity across UK business and government departments

Cry ‘Havoc!’, and let slip the dogs of lulz (TechCrunch) Well, why not? I mean, you know, what the hell. Dave Aitel's proposal over at The Hill for "a cyber investigatory setup funded by private industry" to react..

Pentagon demands contractors up cybersecurity (San Antonio Express-News) Changes include a requirement for contractors to use multi-factor authentication; prohibit the use of flash drives; and send reports of any attacks on computers accessing government networks.

In the wake of the cyber sprint, OMB to develop new consolidated identity management guidance (FederalNewsRadio.com) OMB's forthcoming guidance is designed to give agencies one place to view OMB's collection of identity management policies and lessons.

Is it Time to Can the CAN-SPAM Act? (KrebsOnSecurity) Regulators at the U.S. Federal Trade Commission (FTC) are asking for public comment on the effectiveness of the CAN-SPAM Act, a 14-year-old federal law that seeks to crack down on unsolicited commercial email. Judging from an unscientific survey by this author, the FTC is bound to get an earful.

Cyber Command leverages acquisition model of special operations group (C4ISRNET) With the new acquisition authorities Congress granted to U.S. Cyber Command, the nascent organization is emulating the buying model of U.S. Special Operations Command.

Opinion | Vacancies in federal cybersecurity directorate leave the U.S. more vulnerable (Washington Post) Regarding the June 28 news article “Ukraine fares worst as cyberattack sweeps Europe with ransom demands”: It should be noted that there are numerous vacancies in the Department of Homeland Security...

Interview: US Rep. Elise Stefanik (Defense News) U.S. Rep. Elise Stefanik is the chairwoman of the Armed Services Emerging Threats and Capabilities Subcommittee with jurisdiction over Pentagon cyber operations, counter-terrorism, U.S. Special Operations Command and countering weapons of mass destruction.

Don't expect Govt to protect NZ healthcare firms from cyber attacks, health expert warns (Security Brief) “None of us can pass the buck and assume that its up to the government and big corporates to protect New Zealand health organisations."

Former Pentagon Money Man to Oversee Defense of NATO Computer Networks (Defense One) Kevin Scheid returns to the alliance as members eye spending increases to pay for cyber projects and traditional weapons.

Litigation, Investigation, and Enforcement

ME Doc's servers seized in NotPetya investigation in Ukraine as attackers remove $10,000 in bitcoin from 'ransomware' wallet (Computing) Attack on ME Doc - used by four-fifths of companies in Ukraine - a nation-state attack intended to disrupt the country, claim authorities

Ukrainian software company will face charges over cyber attack, police suggest (Australian Broadcasting Corporation News) The Ukrainian tax software company that is accused of being the patient zero of a damaging global cyber epidemic is under investigation and will face charges, Ukraine's CyberPolice suggest.

Family firm in Ukraine says it was not responsible for cyber attack (Reuters) Ukrainian company Intellect Service was not responsible for last week's international cyber attack that brought down the computer systems of several major companies, the father and daughter team told Reuters on Monday.

Kaspersky Lab row: Russian minister warns of blowback (ITWire) A senior Russian official has escalated the war of words over products from Kaspersky Lab by saying that any "unilateral political sanctions" by the US against Russian companies could prompt a response from Moscow.

Documents could link Russian cybersecurity firm Kaspersky to FSB spy agency (Chicago Tribune) Kaspersky's certifications, issued by the spy agency known as the FSB, include a military intelligence unit number matching that of an FSB program.

How close is Russian cyber firm to Russia’s spies? (Charlotte Observer) Kaspersky Lab, the Russian company that strongly denies allegations it is tied to the Kremlin’s intelligence arm, could face new questions. McClatchy found that government certifications issued to the company contain a military intelligence number, prompting some experts to suggest it may be hard evidence.

United States Of Paranoia: Why The Specter Of Russian Meddling Won't Go Away (Talking Points Memo) As experts try to determine the depth of foreign espionage operations during the 2016 race, everything is starting to look...

Foisting Blame for Cyber-hacking on Russia (Consortium News) Cyber-criminal efforts to hack into U.S. government databases are epidemic, but this ugly reality is now being exploited to foist blame on Russia and fuel the New Cold War hysteria, reports Gareth Porter.

Medicare information spotted for sale on dark web (CRN Australia) Minister calls in AFP.

No 10 ‘buried terror report to protect Saudi Arabians’ (Times (London)) Theresa May has been accused of burying a report into the funding of Islamist extremism in the UK for fear it will embarrass Saudi Arabia. It has emerged that the report, which was originally...

ISIS Hits Iran (Foreign Affairs) After three years of trying to strike Iran, the Islamic State (ISIS) finally succeeded in June

Liberty Wins Right to Challenge Parts of Snoopers’ Charter (Infosecurity Magazine) Liberty Wins Right to Challenge Parts of Snoopers’ Charter. Bulk surveillance has already been ruled illegal by European Court

Health trust rapped on illegal use of patient data in Google AI deal (Naked Security) A deal between a healthcare trust and Google’s DeepMind project to be much smarter about diagnosis and prevention could have been a good thing – so what went wrong?

When is public information not public? When LinkedIn says so (Naked Security) A start-up is challenging LinkedIn on access to users’ public profiles – how do you feel about your public data being used in this way?

Collaboration is key to combating cyber crime (ComputerWeekly) Interpol has called for speedy and effective information-sharing between law enforcement agencies, governments, businesses and cyber security companies to counter growing cyber threats.

UK Teen Charged with Running DDoS Booter Service (BleepingComputer) UK authorities have charged an eighteen-year-old with running a DDoS booter service that was used to launch DDoS attacks on legitimate businesses across the world.

Who is the GovRAT Author and Mirai Botmaster ‘Bestbuy’? (KrebsOnSecurity) In February 2017, authorities in the United Kingdom arrested a 29-year-old U.K. man on suspicion of knocking more than 900,000 Germans offline in an attack tied to Mirai...

Pakistani man jailed for 4 years over $19.6M hacking scheme (HackRead) Muhammad Sohail Qasmani, a 49-year-old Pakistan was sentenced to four years of imprisonment after he was discovered to have hacked into the internal phones

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

U.S. Department of Commerce Cybersecurity Awareness Day (Washington, DC, USA, August 24, 2017) On August 24, 2017, the Department of Commerce headquarters is planning the Cybersecurity Awareness Day event which will host guest speakers from throughout the Cybersecurity community. The 2017 Cybersecurity Awareness Day and Expo will feature timely, topical, and thought-provoking presentations, bringing together cybersecurity workforce, training, and educational leaders from academia, business, and government for one day of focused discussions. In light of current events involving unauthorized disclosures, sensitive and/or classified information leaks, and breaches of personally identifiable information in cyberspace, it is imperative that sound practices are incorporated. The agenda will include speakers from Industry and Government.

upcoming Events

CyberSecurity International Symposium (Chcago, Illinois, USA, July 10 - 11, 2017) The Symposium will take an in-depth look at the latest cyber security threats and trends, as well as real-world strategies for securing critical networks and data in enterprise, commercial, government and industrial environments. The event will bring together several hundred industry practitioners, researchers, regulators and solution providers for two days of in-depth, focused networking and information sharing at the cutting edge of cyber security. Many leading companies in the sector will be presenting.

East Midlands Cyber Security Conference and Expo (Leicester, England, UK, July 11, 2017) The conference and expo will bring together over 150 businesses, information security providers and key influencers to discuss the threats posed by online criminals and the practical ways in which business make themselves more resilient to cybercrime. Core themes will include: the evolving cyber threat; cyber resilience in the supply chain; and essential cyber skills.

Electronic Warfare Olympics & Symposium (Colorado Springs, Colorado, USA, July 13 - 14, 2017) The 2017 Electronic Warfare Olympics & Symposium will improve the capability, and marketability, of spectrum warriors by building the local EW/IO community. and bringing awareness to the capabilities in the region. The event will consist of speakers, government and industry exhibits, and Electronic Warfare Olympics.

3rd Edition CISO Summit India 2017 (Mumbai, India, July 14, 2017) Cyber security has gone through a tremendous change over the last couple of months. Ecosystem disruptions like demonetization, emergence of payment banks and fintech play have put technology as the sine qua non and a savior for banks. But gifts are bundled often with miseries. While technology works as a catalyst for scale and speed, security unpreparedness could play a spoilsport.

CYBERCamp2017 (Herndon, Virginia, USA, July 17 - 28, 2017) Always wondered what “cyber attacks” really are? How a special group of cyber warriors protect and defend our banks, stores, and electric plants every second? Join experts from the FBI and the foremost companies in the nation for an interactive #CYBERcamp in the National Capital Region. Cyber Camp 2017 is a summer camp in which students will have the opportunity to learn about various aspects of cyber security. Students will also gain practical skills through instruction by experienced security and information technology (IT) professionals, and hands-on exercises. The camp is divided into two 1-week segments:

National Insider Threat Special Interest Group - Insider Threat Symposium & Expo (Laurel, Maryland, USA, July 18, 2017) The National Insider Threat Special Interest Group (NITSIG) is excited to announce that it will hold a 1 day Insider Threat Symposium & Expo (ITS&E), on July 18, 2017, at the Johns Hopkins University Applied Physics Laboratory, (JHU-APL) in Laurel, Maryland. This is a MUST ATTEND event if you are involved in Insider Threat Program Management or are interested in Employee Threat Identification and Mitigation.

2nd Annual Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 18, 2017) The 2017 Billington Automotive Cybersecurity summit will build on the 2016 inaugural summit that brought together a who’s who of speakers including the CEO of GM and the Secretary of Transportation, prestigious media coverage from The New York Times and The Wall Street Journal and some 500 attendees. NOTE: Attendees must be citizens of U.S. or allied nations to attend this event.

SANSFIRE 2017 (Washington, DC, USA, July 22 - 29, 2017) Now is the time to advance your career and develop skills to better protect your organization. At SANSFIRE 2017, choose from over 45 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANSFIRE 2017 (July 22-29) is Washington Marriott Wardman Park.

ISSA CISO Executive Forum: Security Awareness and Training--Enlisting your entire workforce into your security team (Las Vegas, Nevada, USA, July 23 - 24, 2017) The gap in Security skills in the workforce have put the pinch on Security teams. Join us to learn how to get lean by empowering the rest of your organization to understand and manage security risks. We’ll cover secure-by-design concepts inherent in DevSecOps, effective training and awareness practices, and how to lead organizational change management to embed security into your company’s DNA.

AFA CyberCamp (Pittsburgh, Pennsylvania, USA, July 24 - 28, 2017) The AFA CyberCamp program is designed to excite students new to cybersecurity about STEM career opportunities and teach them important cyber defense skills through hands-on instruction and activities. Through the camp, students will learn how to protect their personal devices and information from outside threats, as well as how to harden entire networks running Windows 7 and Ubuntu operating systems. The AFA CyberCamp will culminate in an exciting final team competition that simulates real cybersecurity situations faced by industry professionals and mimics AFA’s CyberPatriot National Youth Cyber Defense Competition.

Cross Domain Support Element Summer Workshop 2017 (Laurel, Maryland, USA, July 25 - 26, 2017) The Unified Cross Domain Services Management Office (UCDSMO) is presenting a two-day workshop for the benefit of the Cross Domain Support Element (CDSE) Offices, and the personnel who support them. Topics will include an update to the Capabilities Portfolio, Baseline and Sunset Lists, the UCDSMO SharePoint sites, Labs and Lab Testing, updates on the CDS Overlays and the Cross Domain Risk Management process.

Black Hat USA 2017 (Las Vegas, Nevada, USA, July 26 - 27, 2017) Now in its 20th year, Black Hat is the world’s leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2017 kicks off with four days of technical Trainings (July 22-25) followed by the two-day main conference (July 26-27) featuring Briefings, Arsenal, Business Hall, and more.

RSA Conference 2017 Asia Pacific & Japan (Singapore, July 26 - 28, 2017) RSA Conference 2017 Asia Pacific & Japan is the leading information security event in the region. Join us for three days of high quality education, engaging content and valuable networking. Get exposure to innovative technologies and leadership that will help secure your organization and your future.

DEF CON 25 (Las Vegas, Nevada, USA, July 27 - 30, 2017) You know how we know it’s almost DEF CON? The Southwest is having a heat wave, that ancient tweet about the Feds (allegedly) not appreciating the ‘Spot the Fed’ contest is back and the interwebz are buzzing with burner phone chat.

North American International Cyber Summit (Detroit, Michigan, USA, July 30, 2017) In its sixth year, the cyber summit brings together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use. Highly respected speakers from the public and private sectors will address emerging trends, technology and best practices. The event is open to the public and will feature information for individuals, families, educators, business professionals, law enforcement and government officials. The summit agenda will feature internationally recognized keynote speakers as well as experts from across the county to lead breakout sessions on featured industry topics.

Cyber Texas (San Antonio, Texas, USA, August 1 - 2, 2017) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals & job creation; build strong relationships with other U.S. and International geographies focused on cyber ecosystem development; bring national and international resources to the region to showcase Texas-based cyber assets; identify and encourage business opportunities within and outside of Texas; and create long-term value for the cyber security ecosystem of San Antonio and the State of Texas.

Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 8, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Chicago Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Chicago is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

PCI Security Standards Council: 2017 Latin America Forum (Sao Paulo, Brazil, August 9, 2017) Join your industry colleagues for a full day of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Latin America Forum (LAF).

2017 DoDIIS Worldwide Conference (St. Louis, Missouri, USA, August 13 - 16, 2017) Hosted annually by the DIA Chief Information Officer, the DoDIIS Worldwide Conference features a distinguished line-up of speakers and an extensive selection of breakout sessions allowing attendees to gain insight and interact with experts in smaller settings. This year’s conference presents an exciting and unique opportunity to directly engage with senior leaders from the Intelligence Community, Department of Defense, and industry about the IT complexities and challenges impacting the mission user.

SANS New York City 2017 (New York, New York, USA, August 14 - 19, 2017) Be better prepared for cyber-attacks and data breaches. At SANS New York City 2017 (August 14-19), we offer training with applicable tools and techniques for effective cybersecurity practices. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries who want to harm your environment.

Information Security Summit 2017 (Hong Kong, August 15 - 16, 2017) Effective Use of Analytics and Threat Intelligence to Secure Organizations: The Information Security Summit 2017 is a Regional Event with the aim to give participants from the Asia Pacific region an update on the latest development, trends and status in information security.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Petya/Nyetya/NotPetya tied to BlackEnergy APT (and it still looks destructive in intent) as Ukrainian police investigate firm associated with initial infections. Maersk returns to normal. Crytocurrency-related hacks. SLocker apes WannaCry. WordPress Statistics SQL-injection bug.