Atlanta: the latest from the ICS Cybersecurity Conference
The State of the State: a plea for clarity. (The CyberWire) Joe Weiss's annual State of the State address was a plea for clarity and a warning against the consequences of failure to improve the state of industrial control systems' security.
CrashOverride: its aftermath and its implications. (The CyberWire) Robert M. Lee (of Dragos) began his talk with some skepticism about our capacity to learn. "In the aftermath of each attack, people tend to use it to advocate for the positions they've already held. There's little evidence of people learning and changing their minds." That said, however, he offered a moderately encouraging assessment of the current reality of ICS security.
DHS's Dragonfly ICS campaign alert isn't enough, experts say (SearchSecurity) A DHS alert confirmed cyberattacks in the Dragonfly ICS campaign, but experts said warnings aren't enough and more action needs to be taken.
The Directive on security of network and information systems (NIS Directive) (Digital Single Market) The NIS Directive is the first piece of EU-wide legislation on cybersecurity. It provides legal measures to boost the overall level of cybersecurity in the EU.
NIST Special Publication 800-82 Revision 2: Guide to Industrial Control Systems (ICS) Security (National Institute of Standards and Technology) This document provides guidance on how to secure Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC), while addressing their unique performance, reliability, and safety requirements.
Secure Architecture for Industrial Control Systems (SANS Institute) Industrial Control Systems (ICS) have migrated from stand-alone isolated systems to interconnected systems that leverage existing communication platforms and protocols to increase productivity, reduce operational costs and further improve an organization's support model.
Cyber Attacks, Threats, and Vulnerabilities
Infrastructure for the ‘Bad Rabbit’ Ransomware Appears to Have Shut Down (Motherboard) Most of the servers and sites used by the hackers behind the ransomware are down just a day after the outbreak started.
Bad Rabbit ransomware spreading in Eastern Europe 'with ties to NotPetya' (Computing) Ransomware is installed via a download and can move laterally within a network - but some researchers think that the scale of the problem has been blown out of proportion
An Aftershock of NotPetya Ransomware Sweeps Russia and Ukraine (WIRED) "BadRabbit," linked to the authors of NotPetya, hits hundreds of victims, including subways, an airport, and media firms.
New ransomware attack hits Russia and spreads around globe (Equity Xperts) The U.S. government has issued a warning about a new ransomware attack that spread through Russia and Ukraine and into other countries around the world.
Bad Rabbit malware raises fears of third global ransomware attack (ComputerWeekly) A new ransomware attack that has commonalities with WannaCry and NotPetya is reportedly hitting organisations in Russia, Ukraine, Turkey, Bulgaria and Germany
Companies in Ukraine, Russia come under new cyberattack (Fifth Domain) A new strain of malicious software has paralyzed computers at a Ukrainian airport, the Ukrainian capital’s subway and at some independent Russian media.
Bad Rabbit Ransomware Spreads via Network, Hits Ukraine and Russia (TrendLabs Security Intelligence Blog) A ransomware campaign is currently ongoing, hitting Eastern European countries with what seems to be a variant of the Petya ransomware dubbed Bad Rabbit.
BadRabbit: a closer look at the new version of Petya/NotPetya (Malwarebytes Labs) BadRabbit, a new version of NotPetya, also has an infector allowing for lateral movements. However, unlike NotPetya, it does not use EternalBlue and uses a website to drop its payload.
Bad Rabbit: Not-Petya is back with improved ransomware (WeLiveSecurity) A new ransomware outbreak today has hit some major infrastructure in Ukraine including Kiev metro. Here are some details about this new variant of Petya.
‘BadRabbit’ Ransomware Burrows Into Russia, Ukraine (McAfee) McAfee is currently investigating a ransomware campaign known as BadRabbit, which initially infected targets in Russia and the Ukraine. We are also investigating reports of infected systems in Germany, Turkey, and Bulgaria and will provide updates as more information becomes available.
Tracking the BadRabbit Ransomware to an Ongoing Campaign of Target Selection (RiskIQ) A campaign distributing the ‘BadRabbit’ ransomware is claiming victims all around the world. RiskIQ data shows it's been happening longer than you think.
Threat Lab Alert for October 27, 2017: Bad Rabbit is in Season (Comodo News and Internet Security Information) A new ransomware threat called “Bad Rabbit” was discovered by Comodo Threat Intelligence Lab’s malware analysts.
Bad Rabbit Ransomware Outbreak in Russia and Ukraine (Anomali) Overview: On October 24, 2017, security firms and media organizations began reporting about an active ransomware campaign that, as of this writing, has primarily targeted entities in Russia and Eastern Europe. The infections are believed to have initiated on October 24 at approximately 12:16 UTC, evidenced by an infected company’s tweet as shown in Figure 1. The ransomware, dubbed “Bad Rabbit,” has infected a number of organizations across Russia and eastern Europe,
Experts weigh in on ‘Bad Rabbit’, the potential next WannaCry (Security Brief) Ever heard of Bad Rabbit? It’s the newest form of ransomware causing havoc in Eastern Europe that could be coming your way soon.
Bitcoin Gold: Cyber attack mars launch of rival cryptocurrency (The Telegraph) The latest rival to bitcoin has suffered a major cyber attack on its launch, crashing the new cryptocurrency's website.
Tyrant Ransomware Spreads in Iran Disguised as Popular VPN App (BleepingComputer) The Iran Computer Emergency Response Team Coordination Center (Iran CERTCC) has issued a security alert about a ransomware distribution campaign currently active in the country.
Comodo spots Asasin extension used by ransomware - Enterprise Times (Enterprise Times) Comodo Threat Intelligence Labs spot a fourth wave of IKARUSdilapidated Locky ransomware using an unknown file extension of Asasin
Sage Ransomware Distinguishes Itself with Engaging User Interface and Easy Payment Process (PhishMe) In early 2017, the Sage ransomware distinguished itself with a fresh take on the business model for criminal ransomware operations. Built with an engaging, intuitive user interface for requesting the ransom payment, it also reinforced the fact criminals are willing to invest in developing new versions of established ransomware tools. Sage has reasserted itself as a relevant player on the already-saturated ransomware threat landscape with version 2.2. The overarching ransomware trend is clearly one that will not subside anytime soon. The criminal business model for ransomware has proven itself viable and profitable in both high-profile crises as well as in...
Special Report: October 2017 – October brings 4th wave of ransomware attacks. (Comodo Threat Intelligence Lab) An October wave of new but related IKARUSdilapidated Locky ransomware attacks has been identified, making this the fourth reincarnation of the attacks discovered by the Comodo Threat Intelligence Lab in August 2017.
The Ransomware Menace (LookingGlass Cyber Solutions Inc.) Cybercrooks love ransomware because it’s a quick and easy way to make money. The victims, whose systems and critical files are now encrypted by malware, ar, October 24, 2017
Many of the world's most famous people are terrified about a new cyber attack (Independent) Many of the world's richest and most powerful people are bracing themselves for a huge leak of their information.
As forces become more connected, are they becoming more vulnerable? (Fifth Domain) IoT is transforming the military, providing greater access to essential information and helping soldiers make decisions faster. But despite all its benefits, IoT comes with its own set of security risks.
Department of Education: Hackers are targeting elementary and high schools (CNBC) Criminals are threatening to release sensitive data from student records.
NHS board 'vulnerable' to cyber-attack (BBC News) A vital security patch had not been fully rolled out on NHS Lanarkshire's computers, a report finds.
Cyber Trends
How Enterprises are Protecting the Endpoint (Cylance) Bad actors focus their energy on developing sophisticated attacks. In fact, 46% of organizations have been the victim of ransomware in the last year.
Seventy Percent of IT Managers Say Feds Will Rely on Hybrid Cloud Environments in 10 Years (BusinessWire) MeriTalk's new study reveals Federal agencies’ challenges associated with managing and securing hybrid cloud environments.
Are smartphones the new cyber threat vector? (Fifth Domain) Smartphones are presenting a unique cybersecurity vulnerability, according to panelists at the annual MilCom conference hosted by AFCEA.
Security can no longer be 'The department of "No"', says Thomas Fischer (Computing) Understanding is key to building better infrastructure
Marketplace
Cyber Insurance Market Expects Sony & Democratic Party Data Breaches to Raise Awareness in the Corporate World (Digital Journal) Cyber Insurance Market, Spurred by Yahoo’s Reduced Valuation by Verizon, Expected to Play A Greater Role in Future M&As.
Virtual Reality and Immersive Technology are Game Changers for Cybersecurity Job Growth (PRNewswire) ProtectWise™, the enterprise security company that delivers pervasive...
Allegis Capital Adds Dave DeWalt—Former FireEye CEO—To Partnership as Managing Director; Firm Also Announces Name Change to AllegisCyber. (Yahoo! Finance) Allegis Capital, an early-stage cybersecurity venture capital firm, announced today that David G. DeWalt, the previous CEO of publicly held FireEye and a highly prominent ...
Maryland's many government contractors could have a big role in creating cybersecurity startups (Technical.ly Baltimore) The area's abundance of talent working around government-center services companies is often cited as an asset. Some cyber leaders see an opportunity to spin out startups directly from those companies.
Civil Announces $5 Million In Funding From ConsenSys (4-Traders) Civil, a decentralized newsmaking platform, today announced $5 million in funding from ConsenSys, the leading global blockchain venture studio.
Pressure from cloud computing giants like Amazon forced Akamai's CEO to shift focus to cybersecurity (CNBC) The Akamai CEO said the Equifax breach helped fuel the growth of the company's own security product as it pushes into cybersecurity.
Dragos, the ICS Community's All Star Cybersecurity Team, Now has Over 100 Years' Combined Experience Securing ICS and Countering Industrial Security Threats (Business Insider) Industrial control system (ICS) cybersecurity company Dragos (https://dragos.com) today announced the addition of several key members to its team.
Cyber Threat Alliance Expands Global Footprint with Addition of Sophos and Saint Security (Cyber Threat Alliance) The Cyber Threat Alliance (CTA) today announced the addition of Sophos and Saint Security to the organization as affiliate members...
Forcepoint Extends Leadership in Securing Global Governments, Appoints New Senior Vice President and General Manager (Business Insider) Global cybersecurity leader Forcepoint today announced the appointment of Sean D. Berg as senior vice president and general manager of Global Governments to further extend the company's leadership and growth in delivering robust, hardened cyber capabilities to government customers worldwide.
Products, Services, and Solutions
Cyxtera Launches Threat Analytics Services (Cyxtera) Cyxtera Technologies, the secure infrastructure company, today announced the immediate availability of a new suite of strategic threat analytics capabilities, designed to help enterprises, service providers and public-sector organizations better predict, detect and prevent cyberattacks.
EdgeWave Launches ThreatCheck Service; Provides Immediate Threat Analysis of Suspected Phishing Emails to End Users with a Single Click (GlobeNewswire News Room) Breakthrough service applies automated machine learning and human analysis to eliminate employee uncertainty over increasingly sophisticated malicious emails
Xero Chooses Imperva to Protect Its Cloud-Based Accounting Platform From Web Application Attacks (Imperva) Imperva, Inc. (NASDAQ:IMPV), committed to protecting business-critical data and applications in the cloud and on-premises, today announced that Xero, a leading global accounting platform provider, is using the Imperva SecureSphere Web Application Firewall (WAF) and the Imperva ThreatRadar service to further safeguard its cloud-hosted applications from malicious web application attacks.
inBay Technologies Kick-Starts Collaboration with VoiceTrust (PRWeb) Cybersecurity firm and voice biometrics company ink a deal to expand their respective markets with a combined solution
Microsoft’s Sonar lets you check your website for performance and security issues (TechCrunch) The team behind Microsoft's Edge browser launched a new open-source tool today that lets you check your website -- or really any other website if you're so..
Technologies, Techniques, and Standards
Ixia on How to Protect Your Network Infrastructure from “Reaper” Botnet (BusinessWire)
National Defense ISAC Announces Official Formation (PRNewswire) The National Defense Information Sharing and Analysis Center™...
Synack's Jay Kaplan Has a White Hat Hacker Army (PC Magazine) Synack co-founder and CEO Jay Kaplan has a network of white hat hackers available to rent. He talks with us about cybersecurity and how he protects his own security online.
Design and Innovation
Amazon Key will enable drivers to let themselves in to your house to deposit parcels (Computing) Err, I don't think so, thank you very much
Academia
Slovak university to research security threats in cyberspace (spectator.sme.sk) Matej Bel University will analyse potential security threats and unrest funded by a research grant from IBM.
Legislation, Policy, and Regulation
Israel eyes measures to prevent election cyber sabotage (Reuters) Israel is on guard against hacking ahead of the next general election, one of its most senior cyber security officials said, identifying Iran as posing the greatest overall risk to the country's cyber security.
Senate intelligence panel votes to renew surveillance law (Fifth Domain) There is bipartisan support for the surveillance law, which allows U.S. intelligence agencies to collect information on foreigners abroad, but some lawmakers are seeking provisions they claim will better protect Americans’ communications.
US Senate panel approves legislation to renew the National Security Agency's internet surveillance program (Tech2) Senators introduced legislation that would require the NSA to obtain a warrant for queries of data on Americans under an internet surveillance program.
Bill Calls for Cyber Training for House Lawmakers (Nextgov) Staffers are currently required to undergo cybersecurity training, but members aren’t.
DoD's Zangardi to be new DHS CIO (FederalNewsRadio.com) John Zangardi is leaving DoD to become the new chief information officer at the Department of Homeland Security, replacing Richard Staropoli.
Litigation, Investigation, and Law Enforcement
Kaspersky admits filching NSA hacking tool source code via anti-virus software (Computing) Equation Group malware picked up by Kaspersky Anti-Virus in routine scan, company claims
Kaspersky: We uploaded US documents but quickly deleted them (ABC News) Sometime in 2014, a group of analysts walked into the office of Eugene Kaspersky, the ebullient founder of Russian cybersecurity firm Kaspersky Lab, to deliver some sobering news. Kaspersky's anti-virus software had automatically scraped powerful digital surveillance tools off a computer in...
Russian firm says pirated Microsoft Office led to NSA 'backdoor' (NY Daily News) Kaspersky Lab did not say whether it told U.S. authorities about the detection of the sensitive hacking tools on the worker’s computer.
NSA bloke used backdoored MS Office key-gen, exposed secret exploits – Kaspersky (Register) Ooh, IT just got real
Time for the Feds to Say What They Know About Kaspersky (WIRED) If the US government is going to ban Kaspersky's software, it owes it to the rest of the world's security to say why.
Where Are We with Kaspersky Software? Congress Wants to Know (Government Technology) The removal of the Russian-made software from federal systems was ordered in September, but now senators are circling back for more details.
Kenya Is Barreling Toward an 'Illegal' Election (Foreign Policy) Kenya’s election crisis deepened after its Supreme Court punted on a decision to delay Thursday’s troubled rerun election.
Clinton Campaign, DNC Helped Fund Trump-Russia Dossier (Wall Street Journal) Hillary Clinton’s campaign and the Democratic National Committee were among those who paid a firm for research that led to a dossier of unverified allegations about President Trump’s activities and connections in Russia.
Analysis | The Clinton camp and DNC funded what became the Trump-Russia dossier: Here’s what it means (Washington Post) It was previously reported that Clinton supporters helped fund the dossier, but the new finding could still mean appearance problems for Democrats.
10 Things Reporters Need To Understand About The Steele Dossier (The Federalist) There's a lot of misinformation swirling about the shoddy dossier on Trump/Russia compiled by Christopher Steele. Here's what's been reported on the matter.
Dossier fight could be first legal test for Hill Russia probes (POLITICO) Fusion GPS is asking a federal judge in Washington for a restraining order to block the House Intelligence Committee from obtaining the firm's bank records.
New York Times reporters cry foul over 'Trump dossier' pushback (Washington Examiner) 'Folks involved in funding this lied about it, and with sanctimony, for a year.'