Fancy Bear snuffles at CyCon. Energetic Bear sniffs at the US and UK grid. How trolls groom influencers. ICS Security Conference opens.

Atlanta: the latest from the ICS Security Conference

2017 ICS Cyber Security Conference (Control Global) The 17th ICS Cyber Security Conference will be held the week of October 23rd in Atlanta, GA (www.icscybersecurityconference.com).

Panel session on using cyber to manipulate physics to cause kinetic damage (Control Global) October 25th at the 2017 ICS Cyber Security Conference in Atlanta, Neil Holloran, Ken Loparo from Case Western, and myself will host a panel session on using cyber means to manipulate physics.

Cyber Attacks, Threats, and Vulnerabilities

Russia’s Election Hackers Use D.C. Cyber Warfare Conference as Bait (The Daily Beast) The Kremlin’s top hackers are turning a gathering packed with NATO and U.S. military cyber defenders into an opportunity for more attacks.

“Cyber Conflict” Decoy Document Used In Real Cyber Conflict (Talos Intelligence Blog) Cisco Talos discovered a new malicious campaign from the well known actor Group 74 (aka Tsar Team, Sofacy, APT28, Fancy Bear…).

Twitter CEO Jack Dorsey Retweeted Alleged Russian Trolls (The Daily Beast) Even Jack Dorsey fell for Moscow’s propaganda, it appears. He retweeted messages from an account identified by an independent Russian news agency as Kremlin-created.

Report: Twitter CEO took a Russian impostor’s bait in 2016 (Ars Technica) The retweets were for innocent, “positive" stories.” And that was the point.

Antisocial media? (TechCrunch) As Facebook finds itself publicly on the hook for enabling Russian agents to spread divisive propaganda via its platform, be it in the form of fake news,..

GCHQ foils Northern Ireland cyber attack (BelfastTelegraph.co.uk) Northern Ireland infrastructure has been hit by

U.S. warns public about attacks on energy, industrial firms (Reuters) The U.S government issued a rare public warning that sophisticated hackers are targeting energy and industrial firms, the latest sign that cyber attacks present an increasing threat to the power industry and other public infrastructure.

US DHS Warns CNI Firms of Dragonfly Attacks (Infosecurity Magazine) US DHS Warns CNI Firms of Dragonfly Attacks. New campaign focused on stealing ICS and SCADA data

India is an unexpected axis of North Korea's suspect cyber activity (Quartz) Researchers have discovered patters of internet use that mirror those of hackers based in China.

‘IOTroop’ Botnet Could Dwarf Mirai in Size and Devastation, Says Researcher (Threatpost) Malware dubbed IOTroop that researchers say is 'worse than Mirai' has already infected one million businesses worldwide.

Hackers scanning for unsecured SSH private keys on WordPress sites (SC Magazine) Lack of key security allows criminals keys to the kingdom after scanning 25,000 systems per day to find unsecured SSH private keys.

Hackers Distribute Malware-Infected Media Player to Hundreds of Mac Users (Motherboard) Yet another software supply-chain attack hits popular applications.

MacOS Proton backdoor delivered via Trojanized media player app (Help Net Security) A Trojanized version of Elmedia Player software for Mac was available for download for who knows how long from the developer's official site.

New Magniber Ransomware Targets South Korea, Asia Pacific (Threatpost) Researchers identified a new ransomware family called Magniber that uniquely only targets users in South Korea and the Asia Pacific regions.

Security Experts Disturbed by Magniber Ransomware (Virus Guides) Security researchers got disturbed by a brand new ransomware family, called Magniber. The malicious threat is being distributed via the Magnitude exploit k

Malware Invaders - Is Your OS at Risk? (AlienVault) Malware Invaders - Is Your OS at Risk?

Kaspersky Lab Hits Back with Global Transparency Initiative (Infosecurity Magazine) Kaspersky Lab Hits Back with Global Transparency Initiative. Russian AV giant will offer source code for independent review

Take our word (Kaspersky Lab) Kaspersky Lab announces comprehensive transparency initiative

Kaspersky Software Hack of US Intelligence Is a New Type of ‘Trojan Horse’ (In Homeland Security) Americans paid Kaspersky Lab for the privilege of using its antivirus software that sucked out their information and sent it to Russia.

Is a telco in Brazil hosting an epidemic of open SOCKS proxies? (SANS Internet Storm Center) I became interested in how criminals and bad actors conceal the origin point of their Internet traffic. TOR, The Onion Router project, is one common way to anonymize Internet traffic. TOR nodes allow any proxy-aware application to send traffic through the encrypted anonymity tunnel...

Cloud Security Alliance Releases Updates to 'The Treacherous 12: Cloud Computing Top Threats in 2016' (PRNewswire) The Cloud Security Alliance (CSA), the world's leading organization dedicated...

Top Threats to Cloud Computing Plus: Industry Insights - Cloud Security Alliance (Cloud Security Alliance) Abstract: The Top Threats to Cloud Computing Plus: Industry Insights serves as a validation of the relevance of security issues discussed in the earlier document as wells as provides references and overviews of these incidents. In total, 21 anecdotes and examples are featured in the document. The references and overview of each anecdote and example...

Cybercriminals focus on the shipping and cloud storage sectors (Help Net Security) APWG found upticks in phishing attacks against companies in the Logistics & Shipping as well Cloud Storage & File Hosting sectors.

How I Socially Engineer Myself Into High Security Facilities (Motherboard) A pentester shares a story that shows how social engineering can get you anywhere.

In leaked audio, Facebook security chief says its corporate network is run "like a college campus" (ZDNet) The source of the recording said Facebook's senior management and executives were apathetic to matters of cybersecurity. Alex Stamos said he used one of the remarks "as a figure of speech."

Infosec shouldn't eat their own, we're better than this (Help Net Security) The foundation of a work relationship is trust. In the absence of trust, there is chaos. In the absence of trust, we all lose.

NBN attacked by pirate internet operators installing shadow networks (Australian) Pirate internet providers who are installing shadow networks for thousands of new apartments around Australia have cost the National Broadband Network tens of millions of dollars in wasted connection fees and are causing the taxpayer-owned company to lose millions more each year in lost subscriptions.

Hackers Take Over Funeral Home's Email Account and Run Online Scams (BleepingComputer) Hackers have taken over the email account of a Louisiana funeral home and are sending email scams to the company's customers, asking for money.

Security Patches, Mitigations, and Software Updates

Google might block embedded cryptocurrency mining with new Chrome feature (HackRead) Google Aims to Put an End to Secret Cryptojacking by Making In-Browser Permissions Necessary. In-browser cryptocurrency mining has become the latest obsess

Cyber Trends

The cyber man v state hackers (Times) Cyber security expert Paul C Dwyer expected a certain amount of scrutiny when he contacted whistle-blower Edward Snowden to ask him to speak at next week’s Cyber Threat Summit conference in Dublin...

Research highlights a record number of conveyancing related cyber thefts (Today's Conveyancer) The Law Society has published its latest roundup, highlighting recent research on the legal services market. The roundup covers information from legal sector bodies, the Ministry of Justice, academics and others interested in the sector. According to the report, the Solicitors Regulation Authority (SRA) has seen a record number of reports of cyber thefts from …

Aviation must rally to fight intensifying cyber threats (tnooz) Aviation industry leaders must fight growing cybersecurity threats according to a leading industry figure.

Cybersecurity tops list of concerns for IN fabricators (KPCNews) bhernandez@kpcmedia.com

Marketplace

Surveying 17 Anti-Virus Firms on Their Security Practices (BankInfo Security) The Kaspersky Lab saga raises questions about how vulnerable any anti-virus products and back-end cloud networks might be to hacking. Asked to detail exactly what

Cybersecurity Tops Venture Capital Funding (PYMNTS.com) With more than $172 million raised in total, it was a healthy week for B2B startups, though one clear winner emerged: cybersecurity, which landed nearly 70 percent of the total funding. Two cybersecurity companies came out on top, but they both focus their enterprise security efforts in different ways. It’s probably a good thing, too, […]

Is Your Business Insured Against A Cyber Attack? (JD Supra) Your business has insurance coverage for flood and fire damage. You are protected if an employee gets into a car accident. But are you covered for a cyber...

Booz Allen Hamilton (BAH) to Acquire Morphick, Inc (Street Insider) Booz Allen Hamilton (NYSE: BAH) today announced that it has entered into an agreement to acquire technology firm Morphick, Inc., a leader in managed detection and response (MDR) services.

Tech Giants Are Paying Huge Salaries for Scarce A.I. Talent (New York Times) Nearly all big tech companies have an artificial intelligence project, and they are willing to pay experts millions of dollars to help get it done.

Google partners with bug bounty platform HackerOne to reward researchers to fix Play Store apps (The Drum) To step up safety of Play Store, Google has announced a $1,000 (£760) bounty for security researchers to hack and fix the apps as part of its Google Play Security Reward Program.

IBM to boost cybersecurity awareness with start-ups (Business Standard) Globally, companies noticed a 10% drop in data breach cost

NATO’s cyber security hampered by old-style cost models and acquisition delays (Jane's 360) Officials at the NATO Communications and Information Agency (NCIA), the alliance’s cyber and information and communications technology (ICT) procurement wing, say they intend to push down the cost of NATO’s contracted cyber security products and services by, among other things, targeting the operations and maintenance (O&M) side to cyber security and shifting more of NATO’s ICT functions to the cloud.

Is Raytheon a Buy? (Madison.com) Raytheon (NYSE: RTN) is a strong company with a healthy order book, yet it is also currently trading at a historically high multiple to earnings. So is now a good

Tourism attracts new Cyber security firm to Savannah (Savannah Now) Savannah’s tourism industry has played a role in attracting a new business to Bull Street.

Cohesive Networks CFO Takes National Role in Fighting Cybersecurity RisksDwight Koop Elected Treasurer of FBI's InfraGard National Member Alliance (Business Insider) Dwight Koop, Cohesive Networks’ COO and CFO, was elected to the Treasurer of the FBI's InfraGard National Member Alliance. Mr. Koop was elected at the InfraGard National Congress in Dallas September 25 - 28, 2017.

Nominet names Whitburn as SVP for cyber security (Capacity Media) Nominet has named Simon Whitburn as its new senior vice president for cyber security services as it looks to expand its presence in the sector on a global level.

Products, Services, and Solutions

Imperva Expands Global Incapsula Network to Increase Performance and Speed Attack Mitigation (BusinessWire) Imperva expands global Incapsula network to increase performance and speed attack mitigation

Find your unprotected Amazon S3 buckets with this free tool (The Next Web) Left your S3 Bucket set to public? I wouldn't.

Technologies, Techniques, and Standards

Breached? The Need for Speed in the Golden Hour (TEISS) The critical first hour or 'golden hour' is after something does slip through the net from a technical and organisational perspective

Boards need battleplan to combat cyber-attacks (Asset Finance International) More than two-thirds of FTSE 350 boards have never received any training to deal with a cyber-attack and 10% have no plans in place to respond to an incident, UK government research has revealed.

What knowledge factors qualify for true two-factor authentication? (SearchSecurity) Applying two-factor authentication to a mobile device can create confusion. Michael Cobb clears the air around knowledge factors and BYOD.

Dev writes Ethereum code for insecure SHA-1 crypto hash function (Register) Interaction with legacy systems but not all think it's a good idea

Code Signing in the Age of Cloud and IoT (Infosecurity Magazine) Code signing is the key to unlocking the IoT’s true potential, ensuring security and safety are embedded in every device.

The 10 misconceptions of using a policy-based approach for access control (Help Net Security) Attribute Based Access Control is the evolution from simple access control lists and role-based access control, to a highly flexible system.

Cyber-security means empowering staff - right down to the caretaker (Independent) The castle wall - the ultimate in safety and protection. And not just as a medieval fortress. For many years now, the castle has been used as a metaphor to teach the basic concepts...

Research and Development

‘Unhackable’ electronic chip being developed in Abu Dhabi (The National) New York University Abu Dhabi researcher says the chip, which could be used in phones, is the first prototype to have security features built into the hardware and he is inviting hackers to try to break the code

Rumbles of the Quantum Computing Revolution in Security (The Cipher Brief) Theoretical ideas appear to be on the brink of spurring a revolution in quantum technologies and, as a result, defense and national security.

Legislation, Policy, and Regulation

China goes looking online for government secrets (CSO Online) China’s president painted a picture of openness and diplomacy, but cyber activity that seems to come from the country indicate Chinese hackers pose a threat.

Hack-back bill would legalize companies hacking their attackers (Naked Security) What could possibly go wrong?

Companies Need to ‘Think Twice’ Before Retaliating Against Hackers (The Cipher Brief) While hacking back may be the most sexy of options, it is one that we should rarely employ.

Rosenstein's "Responsible Encryption" a Fallacy, Experts Say (Bigger Law Firm Magazine) U.S. Deputy Attorney General Rod Rosenstein recently reignited debate around digital encryption and its ability to thwart investigations into increasingly many crimes. In remarks delivered at the United States Naval Academy in Annapolis, Maryland, Rosenstein took Silicon Valley to task, characterizing tech companies as standing in the way of public safety.

Lady officers to be Indian Army's cyber warriors (Business Today) Seeking to open new avenues for women officers in the force, the Indian Army is planning to deploy them as cyber warriors to deal with the threats in the domain.

Litigation, Investigation, and Law Enforcement

Europol calls for cooperation on Darkweb and IOT use by criminals (SC Media UK) A coordinated law enforcement approach to Dark Web called for by Europol and Interpol; Europol/ ENISA warn of IOT use by criminals

Today’s bank heists aren't what they used to be with the battle now fought out in cyberspace (The Telegraph) Bank heists aren’t what they used to be.

UK Fraud Dominated By Cyber (Infosecurity Magazine) The most common type of fraud reported was bank and credit-card fraud, with more than 2.5 million incidents in the period.

Websites 'complicit in cyber-crime' (BBC News) A police chief calls for more to be done to tackle cyber-crime on sites such as Craigslist.

Man arrested after ‘good morning’ post was mistranslated by Facebook as ‘attack them’ (CSO Online) Israeli police arrested a Palestinian man after his “good morning” post was translated by Facebook as “attack them.”

Teen hacker sentenced for serious disruption of Phoenix 911 system (Naked Security) He intended to build a “non-harmful but annoying bug that he believed was ‘funny.’”

For a complete running list of events, please visit the Event Tracker.

Upcoming Events

Cyber Security Indonesia 2017: Shaping National Capacity for Cyber Security (Jakarta, Indonesia, Dec 6 - 7, 2017) Cyber Security Indonesia 2017 exhibition and conference, brought to you by the organisers of the Indonesia Infrastructure Week, will bring cyber security solutions providers together with key government and private sector decision makers, buyers, and influencers in order to meet and do business and to advance resilience against cyber attack.

National Insider Threat Special Interest Group Meeting (Virginia Chapter) (Herndon, Virginia, USA, Dec 5, 2017) The National Insider Threat Special Interest Group (NITSIG) is excited to announce it has established a Virginia Chapter. NITSIG Members and others may attend meetings at no charge. Attendees will receive comprehensive guidance and best practices for establishing and managing an Insider Threat Program. Anyone concerned with employee threat identification and mitigation will gain valuable knowledge from attending meetings. This meeting will focus on human resources interaction with an insider threat program and behavioral indicators of insider threat.

Cyber Security Summit Los Angeles (Los Angeles, California, USA, Nov 30, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Los Angeles. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Los Angeles is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

Cyber Security, Oil, Gas & Power 2017 (London, England, UK, Nov 29 - 30, 2017) ACI’s Cyber Security - Oil, Gas, Power Conference will bring together key stakeholders from energy majors and technology industries, to discuss the challenges and opportunities found in the current systems. The conference will also promote essential collaboration between decision makers and technology experts, in order to streamline solutions to resist cyber threats and attacks.

INsecurity (National Harbor, Maryland, USA, Nov 29 - 30, 2017) INsecurity is for the defenders of enterprise security—those defending corporate networks—and offers real-world case studies, peer sharing and practical, actionable content for IT professionals grappling with security concerns. INsecurity will feature some of the industry’s most recognized and knowledgeable CISOs and IT security experts, in a setting that is conducive to interaction and conversation.You’ll have a chance to meet colleagues in the cybersecurity profession to discuss the everyday challenges you face in protecting enterprise data. And you’ll get in-depth insights on how other organizations perform security best practices, and how they manage their teams.

INsecurity (National Harbor, Maryland, USA, Nov 29 - 30, 2017) Organized by Dark Reading, the web’s most trusted online community for the exchange of information about cybersecurity issues. INsecurity focuses on the everyday practices of the IT security department, and real-life methods that you can use to shore up your own enterprise defenses. It will also feature some of the industries most recognized and knowledgeable CISOs and IT security experts, in a setting that is conducive to interaction and conversation. Use Promo Code CYBERWIRE100 for $100 off the current rate.

AutoMobility LA (Los Angeles, California, USA, Nov 27 - 30, 2017) The Los Angeles Auto Show Press & Trade Days and Connected Car Expo have MERGED to form AutoMobility LA, the new auto industry’s first true trade show. Register to join us in Los Angeles this November.

Global Conference on Cyberspace (GCCS) (New Dehli, India, Nov 23 - 24, 2017) The Global Conference on Cyberspace (GCCS) aims to deliberate on the issues related to promotion of cooperation in cyberspace, norms for responsible behaviors in cyberspace and to enhance cyber capacity building. The fifth conference, planned to be the biggest in magnitude, shall take place at New Delhi, India on 23-24 November 2017.

Aviation Cyber Security (London, England, UK, Nov 21 - 22, 2017) Join us on November 21/22 in London, England for the Cyber Senate Aviation Cyber Security Summit. We will address key issues such as the importance of information sharing and collaboration, supply chain and third party risk, incident response, integrating of cyber security and safety, IT and OT convergence, Security Operations Centres and much more as we further develop our collective insight in how we can mitigate risk and develop resilient end to end networks capable of delivering safety and value to all stakeholders.

Cyber Security Opportunities in Mexico Webinar (Washington, DC, USA, Nov 15, 2017) Learn about the cyber security opportunities in Mexico. Mexico is ranked 28th out of 164 countries in the ITU's 2017 Global Cyber Security Index. Companies spend approximately 3.5% of their IT budgets on cyber security products and services. Currently, the cost to Mexico's overall economy imposed by cyber attacks is more than US$3 billion. The country is a manufacturing powerhouse and is increasingly implementing automated processes. It is also highly integrated with the global financial system.

Federal IT Security Conference (Columbia, Maryland, USA, Nov 14, 2017) The Federal IT Security Institute (FITSI) in partnership with Phoenix TS in Columbia, MD is hosting the second annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as well as private industry will be in attendance discussing the themes and trends that are influencing the Federal/DoD cyber landscape.

Sector (Toronto, Ontario, Canada, Nov 13 - 15, 2017) Illuminating the Black Art of Security. Now entering its 11th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and learn from their mentors.

Countermeasure (Ottawa, Ontario, Canada, Nov 9 - 10, 2017) Now into its sixth year in Ottawa, and consistently advancing in both size and content quality, COUNTERMEASURE continues to be the national capital's premier IT security event. As in years past, attendees can expect up to three days of professional skills training prior to the two-day main conference. All content will be delivered by some of the world's most knowledgeable and influential IT security experts in private, public, and research sectors.

2017 ICIT Gala & Benefit (Washington, DC, USA, Nov 9, 2017) The Annual ICIT Gala and Benefit is the year’s most prestigious and intimate gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This black-tie event will celebrate the accomplishments of the most influential members of our community as well as the efforts of today’s most impactful cybersecurity leaders. The funds raised from this Benefit will be used to help sustain and grow the Institute’s research, publications, and educational activities for the communities it serves.

4th Annual Journal of Law & Cyber Warfare Conference (New York, New York, USA, Nov 9, 2017) Join thought leaders across the industry for a day of collaboration and education with an outstanding group of cyber security experts. In this one-day program, we continue JLCW's 5+ year reputation for presenting cutting-edge, practical, and balanced training for cyber security lawyers, in-house legal personnel, cyber security service providers, law enforcement, military, members of the bar, bench, and ambassadors and consul generals from all over the world.

Fourth Annual JLCW Conference (New York, New York, USA, Nov 9, 2017) The 2017 Journal of Law and Cyber Warfare symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from experts on cyber security and cyber warfare from the military, government, private industry, and the public sector. Our panels are designed to provide attendees with thought leadership from a diverse group of experts who will share their experience and knowledge-base regarding topical cyber security issues.

SINET Showcase 2017 (Washington, DC, USA, Nov 8 - 9, 2017) SINET – Washington DC provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity. As always, this event showcases the SINET 16, the annual list of the most innovative young companies in the industry.

Connected Medical Device & IOT Security Summit (Baltimore, Maryland, USA, Jan 25 - 26, 2018) The Summit will offer practical solutions to many of the daunting security challenges facing medical device and connected health technology companies, healthcare providers, payers and patients. The program brings together healthcare, medical device and security experts to offer a unique complete end-to-end perspective on the cybersecurity environment – from the economics and motivations of ransomware authors to the needs of the patient. Supporting organizations of the Summit include the American College of Clinical Engineering, INCOSE and The Society for Participatory Medicine. Keynote speakers include Ron Williams, IBM Security Systems and Matthew Green, PhD, Johns Hopkins University.

CyCon US (Washington, DC, USA, Nov 7 - 8, 2017) The 2017 International Conference on Cyber Conflict U.S. (CyCon U.S.) will take place 7-8 Nov 2017 at the Ronald Reagan Building in Washington D.C. CyCon U.S. facilitates knowledge generation and information exchange across the cyber community, and includes participation from military, government, academia, and industry from around the world. The conference promotes security initiatives and furthers research on cyber threats and opportunities. CyCon U.S. is a collaborative effort between the Army Cyber Institute at the United States Military Academy and the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia.

RSA Conference 2017 Abu Dhabi (Abu Dhabi, UAE, Nov 7 - 8, 2017) RSA Conference 2017 Abu Dhabi is the leading information security event in the region. This year's Conference will take place 7 to 8 November at the Emirates Palace in Abu Dhabi. Join us for two days of engaging sessions and intense networking. Get exposure to innovative technologies and leadership that will help secure your organization and your future.