The CyberWire Daily Briefing 2.9.17

Summary

By The CyberWire Staff

A wave of fileless malware is reported to have infected more than one hundred forty banks in forty countries. A bank's security team noticed Meterpreter code inside a domain controller's physical memory. Kaspersky researchers investigated and found PowerShell scripts within Windows registries. The attackers, apparently criminals, not state actors, extracted privileged credentials with the goal of compromising systems that control ATMs. Fileless attacks, which embed their code in legitimate tools already present in the victim's environment, are notably more difficult to detect than more traditional malware infestations.

Mirai has been modified into a version capable of spreading across Windows-based systems. According to Dr. Web, which discovered the variant, this new variety doesn't rope Windows systems into botnets. Rather, it propagates through Windows systems until it finds a vulnerable Linux device, which it then incorporates into a botnet. Observers expects to see new distributed denial-of-service attacks as Mirai and other tools continue to become commodities accessible to more criminals.

Ransomware remains the other popular criminal caper. Trend Micro reports that Remote Desktop Protocol brute force attacks are being used to distribute CRYSIS ransomware. SANS has an analysis of the distribution of CryptoShield through the RIG exploit kit.

More VC and M&A news: Forcepoint buys Imperva's Skyfence, Accenture acquires Endgame's Federal business, and both Exabeam and HackerOne receive substantial investments.

A US Federal grand jury yesterday released its indictment of former NSA contractor Harold Martin: twenty counts of willfull retention of sensitive information. Affected agencies include NSA, CYBERCOM, DoD, NRO, and CIA.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Austria, Bolivia, Brazil, Bulgaria, Cambodia, Canada, China, Congo, Cyprus, Ecuador, Egypt, Estonia, European Union, France, Holy See, India, Indonesia, Iran, Israel, Kazakhstan, Kenya, Libya, Luxembourg, Madagascar, Moldova, Mongolia, Morocco, New Zealand, Pakistan, Paraguay, Peru, Russia, Saudi Arabia, Spain, Tanzania, Turkey, Tunisia, Uganda, Ukraine, United Kingdom, United States, Venezuela, and and Vietnam.

A note to our readers: Those interested in an overview of current cyber security issues as they affect aerospace operations may wish to check Cosmic AES Signals and Space Monthly Cyber Security Briefing, prepared for the signals and space experts by the CyberWire. You can subscribe to this monthly edition tailored to space interests here.

On the Podcast

In today's podcast, Joe Carrigan (representing our partners at the Johns Hopkins University) will discuss third-party DNS servers. Our guest is Travis Howe from Conga, talking about the ways in which online privacy has gone mainstream.

The special prognostication edition of our podcast is also available. In this one we speak with industry experts and editors covering the cyber beat to get their take on the outlook for 2017 in cyber security.

Sponsored Events

Deep Instinct (San Francisco, CA, USA, February 13 - 17, 2017) Meet us at RSA Conference 2017. Visit booth #N4805. Book a meeting.

E8 Security (Chronicle Books Metreon, San Francisco, CA, USA, February 15, 2017) E8 Security Invites You To An Exclusive Book Signing and Cocktail Party at RSA with Author Gary Hayslip

Hacking The Home (Fulton, MD, USA, February 26, 2017) DataTribe, a startup crucible for entrepreneurs, is sponsoring a February 2017 Hacking the Home contest. Teams will be competing to develop new product functionality, integrations, skills, and/or exploits around the growing ecosystem of home automation devices.

Selected Reading

Dateline

Opinion: How to have a FUD-free RSA Conference (The Christian Science Monitor Passcode) The key to a productive RSA Conference, the massive cybersecurity gathering that kicks off next week in San Francisco, is avoiding firms that push fear, uncertainty, and doubt.

What to Watch (& Avoid) At RSAC (Dark Reading) A renowned security veteran shares his RSA dance card, offering views on technologies destined for the dustbin of history and those that will move the industry forward.

ManageEngine Launches Log Analysis, Auditing Solution for Multi-Cloud Environments (Manage Engine) Cloud Security Plus monitors, secures, audits Amazon Web Services and Azure environments; to be exhibited at RSA Conference 2017

Spirent Highlights Expanded Security Focus at RSA 2017 (BusinessWire) Enhanced Cyberflood security validation tool preview and talk by Guy Buesnel on threats to global navigation satellite systems

Recorded Future to Speak on Ransomware and the Dark Web at RSA Conference USA 2017 (Military Technologies) Recorded Future, the threat intelligence company, today announced it has been invited to speak at the inaugural RSAC 2017 Ransomware Summit taking place during RSA Conference USA 2017.

Cylance CEO Stuart McClure to Hack a Voting Machine Live at RSA Conference 2017 (BusinessWire) McClure, Chief Security and Trust Officer Malcolm Harkins, Data Scientist Brian Wallace and Research Engineer Andy Wortman will present sessions

Cyber Attacks, Threats, and Vulnerabilities

Banks around the world hit with fileless malware (Help Net Security) What makes these attacks unusual is the criminals' use of widely used legitimate tools and fileless malware dropped in-memory.

A rash of invisible, fileless malware is infecting banks around the globe (Ars Technica) Once the province of nation-sponsored hackers, in-memory malware goes mainstream.

Nothing to see here? Banks' latest cybersecurity concern (American Banker) The latest cyberattacks on banks (and others including the Democratic National Committee) can no longer be found by traditional means, as they lurk in memory and necessary computing tools.

Mirai Gets a Windows Version to Boost Distribution Efforts (BleepingComputer) Security researchers have stumbled upon a Windows trojan that hackers are using to help with the distribution of the infamous Mirai Linux malware, used to infect IoT devices and carry out massive DDoS attacks.

Everything old is new again: Experts predict a flood of denial-of-service attacks (DDoSInfo) As IoT goes mainstream Mirai-style denial-of-service botnet attacks are escalating, and hackers are targeting health care companies, financial services, and the government. The hottest trend in cyberattacks is an archaic and simplistic hacker tool.

Nexusguard DDoS research shows hackers used blended cyberattacks on financial, government sectors (Asia One) Distributed denial of service (DDoS) attacks increasingly formed blended attacks of four or more vulnerabilities over the course of the fourth quarter of 2016, with an intent to overload targeted monitoring, detection and logging systems, according to Nexusguard 's " Q4 2016 Threat Report ."

Q4 2016 DDoS Threat Report (Nexusguard) In Q4 2016, 1Tbps DDoS attack often heralded in catchy headline. Access Nexusguard's Quarterly DDoS Threat Report today.

4 Ways Bots Can Affect Your Online Media And Publishing Business - Information Security Buzz (Information Security Buzz) Automated programs known as bots are used for doing repetitive tasks, at exceptional speed, which are impossible for humans to think of.

Thinking About a Mobile VPN? Be Careful Which One You Pick (WIRED) Recent research suggests that many VPNs for Android have privacy and security flaws, and the problem of choosing a reliable VPN goes even further.

Brute Force RDP Attacks Plant CRYSIS Ransomware (TrendLabs Security Intelligence Blog) In September 2016, we noticed that operators of the updated CRYSIS ransomware family (detected as RANSOM_CRYSIS) were targeting Australia and New Zealand businesses via remote desktop (RDP) brute force attacks.

CryptoShield Ransomware from Rig EK (SANS Internet Storm Center) At the end of January 2017, BleepingComputer published a report about an updated variant of CryptoMix (CryptFile2) ransomware calling itself CryptoShield

G DATA analysiert neuartige Ransomware (IT-Markt) Spora verbreitet sich als Wurm und verschlüsselt unbemerkt Dateien.

Ransomware 2.0: Anatomy of an emerging multibillion business (CSO Online) What to expect from and how to resist the fastest growing sector of cybercrime in 2017?

Triada Replaces Hummingbad as No 1 Mobile Threat (Infosecurity Magazine) Triada grants super-user privileges to downloaded malware.

New Malware Underscores the Danger of Assumed Mac Security (The Mac Security Blog) This week researchers found a piece of malware in the wild, built to steal passwords from the macOS keychain. Named "MacDownloader" and posing as, what else, a fake Flash Player update, the new mal...

Mac malware is still crude, but it’s slowly catching up to its Windows rivals (Ars Technica) A tale of two attacks that both target MacOS users.

Majority of Websites Are Vulnerable to Hacking for Hire (Infosecurity Magazine) Only 33% have no found vulnerabilities, showing significant needed improvement on enterprise security.

Sports Direct fail to tell staff about major cyber attack on personal details (The Sun) SPORTS Direct failed to tell its workers about a major data breach that saw personal information accessed by hackers. A cyber attacker gained access to internal systems containing details for phone…

Beware the latest tax-season spear-phishing scam (Naked Security) This year’s variation on the CEO scam goes after W-2 forms and then adds a wire fraud on top

RiskIQ's 2017 Valentine’s Day Dating App Report (RiskIQ) Valentine's Day causes a recurring seasonal spike in the availability and downloads of legitimate, illegitimate, and malicious mobile dating apps.

This Teen Hacked 150,000 Printers to Show How the Internet of Things Is Sh*t (Motherboard) “It was just a night I was bored to be honest, doing random sh*t.”

Security Patches, Mitigations, and Software Updates

Valve Patches Trivial XSS Bug in Steam (Threatpost) A cross-site scripting vulnerability on the Steam gaming platform has been patched. The flaw could be exploited by simply viewing a crafted profile.

St. Jude Medical admits new cardiac device flaws discovered, issues patch update (ZDNet) The medical device maker has fixed another Merlin@home Transmitter flaw which makes them vulnerable to cyberattacks.

Cyber Trends

Signals & Space Monthly Cyber Security Briefing (Cosmic AES) Since cyberspace has become effectively a third global commons, joining the sea and space, it's natural that policymakers, strategists, and legal experts should turn to the norms that have evolved in the two older domains for guidance.

Marketplace

Why Your Company Could Be Wrong About Cyber Risks (Fortune) There's a dialogue of the deaf in too many companies.

Soon, organizations will be valued on their information portfolios (Help Net Security) By 2021, the prevalence of equity analysts valuing organizations' information portfolios in valuing businesses will spark internal information valuation.

VC Firm Trident Capital Raises $300 Million for Cybersecurity Startups (Fortune) It's one of the largest funds in this space.

Machine Learning at Heart of Security M&A Splurge | Light Reading (Light Reading) Four acquisitions in a week all point to the growing importance of machine learning for major security system vendors.

Forcepoint™ Acquires Skyfence to Extend its Leadership in Cloud Security & Data Leakage Prevention Solutions (Forcepoint) Global cybersecurity leader Forcepoint™ today announced the acquisition of the Skyfence business from Imperva.

IT security firm Sophos rises after $100 million Invincea deal (Reuters) British IT security company Sophos (SOPH.L) has agreed to buy malware protection company Invincea for $100 million to bolster its product line and give it a stronger presence in the U.S. government, healthcare and financial services sector.

Accenture to Expand Proactive Cybersecurity Defense Services Capabilities with Acquisition of Endgame Federal Services Business (BusinessWire) Accenture (NYSE: ACN) has entered into an agreement to acquire the U.S. federal government services business of Endgame Inc., a privately held endpoint detection and response (EDR) cybersecurity software company based in Arlington, VA.

After cracking the US military, HackerOne gets $40 million in funding (The Verge) HackerOne was very busy last year finding vulnerabilities in some of the most sensitive software used by the United States military. The Department of Defense selected HackerOne to run the US...

Exabeam Scores $30 Million Series C (Silicon Valley Daily) Exabeam, a developer of security intelligence solutions, has raised $30 Million in series C funding, led by Lightspeed Venture Partners and Cisco Investments.

Cisco, Lightspeed back security startup targeting Splunk, HPE (Silicon Valley Business Journal) Two of the players involved in the recent sale of AppDynamics helped a San Mateo security startup raise $30 million in new funding.

Revolutionary Security Forms Strategic Partnership and Receives Investment from Guidepost Solutions (PRNewswire) Revolutionary Security LLC, a full service cyber security firm,...

Palo Alto Networks: An Emerging Leader In Cyber Security (Seeking Alpha) Our recommendation is a long with a price target of $147.83 for a 16.7% upside over a 1-2 year time horizon. Our thesis focuses on PANW’s ability to leverage it

Behind FireEye’s Recent Plummet (Investopedia) Shares of the threat-detection leader are at about half their IPO price after a Q4 earnings miss.

FireEye: Turnaround Concerns Are Exaggerated (Seeking Alpha) Recommend long position with 30% upside and 2-3 year horizon. Concerns of business turnaround exaggerated: no crowd-out effect, and strong management. Transitio

AT&T, IBM, Palo Alto Networks, Symantec, Team Up In IoT Security (Dark Reading) IoT Cybersecurity Alliance is made up of AT&T, IBM, Nokia, Palo Alto Networks, Symantec, and Trustonic.

Corero off to fast start in 2017 with contract win (Proactiveinvestors UK) Corero Network Security PLC (LON:CNS) - Corero is convinced it has the best product out there; it is simply a matter of getting its foot in the door at enough companies to achieve scale

CRN Exclusive: ThreatTrack Security Launches New Vipre Partner Program, Looks To 'Aggressively' Recruit New Partners (CRN) ThreatTrack Security has launched a new partner program for its Vipre endpoint security solution, the company announced Wednesday, as part of a push to "aggressively" recruit new SMB partners.

Wynyard Group and subsidiary in liquidation (The National Business Review) Wynyard Group has finally been tipped into liquidation.

Appian Appoints Bobbie Kilberg to Board of Directors (Marketwired) Appian announced today that Bobbie Kilberg, President and CEO of the Northern Virginia Technology Council, has been appointed to its Board of Directors.

SecureAuth Appoints Jeffrey Kukowski as Chief Executive Officer (SecureAuth) Company continues record growth reinventing archaic multi-factor authentication and single sign-on approaches

Jeff Spence to lead cyber startup NexDefense (Atlanta Business Journal) Jeff Spence has been named CEO of NexDefense Inc., an Atlanta-based industrial cyber security software provider.

ThetaRay reinforces its commitment to financial sector with new executive hire (SecurityInfoWatch.com) Former Sungard alum James Heinzman joins team as VP of Financial Service Solutions

Hexadite Adds Cylance Chief Research Officer Jon Miller to Advisory Board (BusinessWire) Noted security expert to guide company through exploding demand for security automation

Products, Services, and Solutions

E8 Security's Fusion Platform Transforms Security Operations By Answering Questions Security Analysts Didn't Know to Ask (Marketwired) Powered by a big data infrastructure, the E8 Security Fusion Platform utilizes machine learning and behavioral analytics to uncover unknown malicious activity; reduce long investigative processes

ForeScout Extends Visibility and Control Capabilities to the Cloud with Amazon Web Services - ForeScout (ForeScout) ForeScout’s new solution for Amazon Web Services enables visibility into cloud workloads on the world’s most comprehensive and broadly adopted cloud platform Agentless approach provides organizations with increased visibility and control across their entire network environment

DFLabs Launches the First Security Automation and Orchestration Platform based Upon Supervised Active Intelligence™ (BusinessWire) IncMan 4.0, DFLabs’ flagship platform, to help cybersecurity operations and incident response teams tackle automation challenges with machine learning

Cyberbit's EDR Platform to Help Infor Detect Malware that Bypasses Antivirus Systems (PRNewswire) Cyberbit, whose cybersecurity solutions protect the world's most...

SyferLock Announces Integration to Provide Multi-factor Authentication for Lieberman Software's Privileged Identity Management Platform (Bobsguide) SyferLock Technology Corporation today announced that it has proven interoperability of its GridGuard™ two-factor and multi-factor authentication solutions with Lieberman Software’s privileged identity management platform, Enterprise Random Password Manager™ (ERPM).

PasswordPing Ltd. Launches Exposed Password and Credentials API Service for Enterprises (PRNewswire) PasswordPing Ltd. announced the launch of its password and credential...

Trivalent Delivers its Next Generation Data Protection™ for Windows® OS with Trivalent Protect™ (Marktewired) Leading-edge data protection technology company unveils product to protect data on Windows

CIRA Selects Nominum to Deliver a Safe, Reliable Internet to Canadian Business Market — Nominum (Nominum) Nominum N2 Security Solutions Protect Business and Public Sector Users from Fast-growing Cyberthreats through Cloud-based Advanced Content Filtering

Lastline Illuminates Advanced Malware Behaviors To Defeat Cyber Attacks - Information Security Buzz (Information Security Buzz) Lastline Inc., the leader in advanced malware protection, announced its latest enhancements to Lastline Enterprise for Global 5000 companies.

Kudelski Security Launches Its U.S. Cyber Fusion Center and Pioneers New Approach to Managed Services (PRNewswire) Kudelski Security, the cybersecurity division within...

Qualys Expands Global Cloud Platform with Three New Secure Operations Centers (SOCs) (Marketwired) New European Union, India and North America SOCs built recently in response to anticipated growth and compliance with new data regulations

2017 Cybersecurity Product Awards - Winners and Finalists - Cybersecurity Excellence Awards (Cybersecurity Excellence Awards) The 2017 Cybersecurity Excellence Awards honor individuals, products and companies that demonstrate excellence, innovation and leadership in information security.

vArmour Announces Secure Cloud Platform to Deliver Built-in Security for Sensitive and Regulated Environments (Marketwired) vArmour Secure Cloud Platform segments and micro-segments data center workloads and applications on the Nutanix Enterprise Cloud Platform

Rapid7 demystifies penetration testing (Computerworld) A deep dive into penetration testing -- the choices made and some surprising findings

SecureAuth Sets New Bar for Secure Authentication with Phone Number Fraud Prevention Capabilities (SecureAuth) Companies can simultaneously improve security posture and user experience while further consolidating security infrastructure

Accenture Debuts Hardware-Based Security Solution to Simplify and Enable Blockchain Security for Large-Scale Enterprise IT Use (BusinessWire) Integration of blockchain technology with Thales Hardware Security Module addresses key distributed ledger risks for financial services, government, healthcare and other sectors

Closing the Retail Cybersecurity Gap Between Breaches and Fraud (Military Technology) While retailers are getting better at combatting cybersecurity threats to customer data, few are prepared to combat the fraud that happens after a hack.

CRN Exclusive: Kudelski Security Says It Now Has The Ultimate Managed Security Service (CRN) Kudelski Security has launched a new offering that it says will shake up the managed security services market, bringing together both legacy and emerging security technologies to address new security needs.

Trend Micro announces Deep Security 10 for protecting servers across Hybrid Cloud (DATAQUEST) Trend Micro Incorporated, a provider in cyber security solutions, announced the upcoming availability of Trend Micro Deep Security 10, powered by XGen Security. XGen Security is a blend of cross-generational...

Carbon black unveils breakthrough technology ‘streaming prevention’ to stop both malware and non-malware attacks (Whatech) ‘Streaming Prevention’ stops more attacks than traditional and machine-learning antivirus (AV), which only stop commodity malware

Webroot's new products harness machine learning for network & web traffic security (Security Brief) Webroot is promising deep network and web traffic visibility in its latest platform expansion, as it brings machine learning on board.

ZingBox Delivers “Internet of Trusted Things” by Combining Artificial Intelligence and Behavior Enforcement into Single Solution (BusinessWire) IoT Guardian is industry’s only IoT security solution to leverage individual personality of connected devices, and first to protect services–not just data

Technologies, Techniques, and Standards

Malware detection: Centre sends ISPs guidelines to update software (The Hindu Business Line) To deliver faster results to consumers with regard to malware, the Centre has recentl

Security practices need to evolve in order to handle complex threats (Help Net Security) There is no one-size-fits-all security solution. Each organization has unique security obstacles and obligations, and its own way to handle complex threats.

Study: Cybersecurity threat hunting on the rise (Fifth Domain | Cyber) Based on a comprehensive survey of cybersecurity professionals in the 350,000-member Information Security Community on LinkedIn, the research report reveals that cyber threats are rising dramatically and that deployment of sophisticated threat hunting platforms and methods in security operation centers

Design and Innovation

Consortium Publishes Manifesto on Autonomous Vehicle Security (Threatpost) A new industry consortium publishes a manifesto it hopes will foster cooperation on the security of autonomous vehicles.

FASTR—Future of Automotive Security Technology Research—Releases Manifesto, “Toward Tomorrow’s ‘Organically Secure’ Vehicle” (BusinessWire) Karamba Security and Rambus join FASTR consortium to collaborate on automotive-security innovation

Army holds 'Solariums' on strategic importance of secure software (Fifth Domain | Cyber) The Army is currently grappling with challenges in software sustainment and development.

Research and Development

Towards Equal Access to Digital Coins (Science Newsline) Scientists at the Interdisciplinary Centre for Security, Reliability and Trust (SnT) of the University of Luxembourg have developed an important mathematical algorithm called "Equihash".

What Makes Bitcoin Great? One Scientist is On a Quest to Find Out - CoinDesk (CoinDesk) Academics still aren't sure why bitcoin is so robust, but one Cornell professor has made it her mission to find out.

DARPA developing devices to safely send data over unsecure networks (Fifth Domain | Cyber) The goal is to allow a mix of devices and security classification levels to transmit secure information over unsecured networks.

Legislation, Policy and Regulation

Did Russia’s Election Meddling Break International Law? Experts Can’t Agree (Defense One) Right now, that’s a gray area — and it’s hindering the U.S. response to influence operations.

Opinion: The trouble with Trump's Russia reset (The Christian Science Monitor Passcode) Until Russia backs away from a strategy of digital attacks – coupled with physical strikes – and spreading disinformation to undercut democracy, the pursuit of better relations with Putin is a mistake.

US Secret Service trains Estonia to handle cyber threats (Fifth Domain | Cyber) Estonia has teamed up with the U.S. Secret Service ahead of its first European Union presidency to train local officials to handle cyber threats — the greatest of which comes from Russia, according to the nation's foreign intelligence service.

()

Trump’s Cybersecurity Chief Could Be a ‘Voice of Reason’ (WIRED) Homeland security advisor Tom Bossert stands out in Trump's cabinet as a cautious wonk among hotheads.

NSA Executive Explains Logistics of Possible Cyber Command Split (Meritalk) If the National Security Agency and Cyber Command were to split, NSA Executive Director Corin Stone explained that any disagreements between the agencies would be decided by the secretary of defense and the director of national intelligence, to ensure fair judgment.

Army announces service, civilian cyber workforce pilots (Fifth Domain | Cyber) The Army in conjunction with DoD is standing up a pair of pilots for its cyber workforce.

Army looking at direct commissions for civilian cybersecurity experts (Stars and Stripes) Civilians with expertise in cybersecurity could be directly commissioned into the Army with a rank up to colonel to help the service improve its expanding cyber domain operations under a Pentagon pilot program authorized in recent weeks.

Litigation, Investigation, and Enforcement

Former NSA contractor facing 200 years for stolen docs (Fifth Domain | Cyber) A federal grand jury unveiled an indictment Feb. 8 charging former NSA contractor Harold Martin with stealing highly classified documents over the course of a 20-year career.

Former NSA contractor indicted over 50TB gov't classified data theft (ZDNet) The former contractor reportedly spent 20 years pilfering government secrets and helping himself to the cream of the NSA's hacking tools library.

The Alleged NSA Thief Stole Information Impacting At Least Five US Agencies (Motherboard) On Wednesday, the Department of Justice indicted former NSA contractor Harold Thomas Martin III with willful retention of national defense information.

For indicted NSA contractor, hoarding classified documents became an obsession (Mcclatchydc) U.S. prosecutors say federal contractor stole top-secret documents from National Security Agency, CIA and other intelligence agencies. Harold Martin “flagrantly abused the trust” the U.S. government placed in him, prosecutor says.

Some DHS Employees Are Suspicious of 'Extreme Vetting' (Defense One) The Department of Homeland Security has 30 days to figure out what "extreme vetting" means. Some DHS officials and counterterrorism experts find the concept dubious.

Chinese Police Use of Commercial Mobile Apps (Wapack Labs) The use of common mobile apps by Chinese authorities is a double-edged sword; supporting both public services as well as enhanced surveillance

Police mine Facebook for data on inauguration protesters (Naked Security) Mobile devices and social media accounts targeted by police in the aftermath of arrests

Why did a judge order Google to hand over emails from outside the US? (Naked Security) Privacy campaigners and tech companies are closely watching what happens next

VIZIO to Pay $2.2 Million to FTC, State of New Jersey to Settle Charges It Collected Viewing Histories on 11 Million Smart Televisions without Users’ Consent (Federal Trade Commission) VIZIO, Inc., one of the world’s largest manufacturers and sellers of internet-connected “smart” televisions, has agreed to pay $2.2 million to settle charges by the Federal Trade Commission and the Office of the New Jersey Attorney General that it installed software on its TVs to collect viewing data on 11 million consumer TVs without consumers’ knowledge or consent.

‘Top 10 Spammer’ Indicted for Wire Fraud (KrebsOnSecurity) Michael A. Persaud, a California man profiled in a Nov. 2014 KrebsOnSecurity story about a junk email purveyor tagged as one of the World’s Top 10 Worst Spammers, was indicted this week on federal wire fraud charges tied to an alleged spamming operation.

Russia Arrests Nine More Involved with the Lurk Malware (BleepingComputer) Russian authorities arrested nine hackers they suspect of being involved in the distribution of the Lurk malware. This is the second wave of arrests after authorities apprehended 50 suspects in May 2016.

Moldovan pleads guilty in computer malware scheme (TribLIVE.com) A Moldova resident pleaded guilty Wednesday in U.S. District Court in Downtown Pittsburgh in connection with an international malware scheme devised to steal personal and ...

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Cyber Protect Conference (Nottingham, England, UK, February 9, 2017) Business owners have been invited to attend Nottinghamshire's first-ever cybercrime conference to learn how to better protect their data. The Cyber Protect Conference is being jointly hosted by the county's Police and Crime Commissioner Paddy Tipping and Nottinghamshire Police, and will include presentations from cyber security experts. The event, which takes place on Thursday, February 9, at The Atrium in Nottingham, is free of charge and open to small and medium-sized enterprises (SMEs) across the county.

Workplace Violence & Response To Active Shooter Events Meeting (Laurel, Maryland, USA, February 9, 2017) The National Insider Threat Special Interest Group (NITSIG) will be hosting a meeting on February 9, 2017, at the Johns Hopkins University Applied Physics Laboratory, Laurel, MD. The meeting will be exclusively focused on workplace violence and responding to an active shooter event. Presenters include experts from the Occupational Safety and Health Administration (OSHA), and the Maryland State Police. It's free to attend. Prominent among the topics to be discussed will be threats directed from the Internet.

RSA Conference 2017 (San Francisco, California, USA, February 13 - 17, 2017) The current state of cybersecurity means there are many opportunities for the industry as a whole to collaborate on new innovations. Discovering the next great opportunity will require everyone to embrace new and unique perspectives from a broadly diverse base of people and sources. RSA Conference 2017 provides the opportunity for all attendees at all levels to grow their knowledge, exchange ideas with peers and further their careers. With opportunity comes great responsibility for the future. Our actions today will have a lasting impact on the strength of the industry—and the safety of the world—tomorrow. At RSA Conference 2017, you will learn about new approaches to info security, discover the latest technology and interact with top security leaders and pioneers. Hands-on sessions, keynotes and informal gatherings allow you to tap into a smart, forward-thinking global community that will inspire and empower you.

Using STIX/TAXII to share automated cyber threat data (San Francisco, California, USA, February 15, 2017) Cybersecurity experts representing the financial sector, healthcare, utilities, software providers, government, academia and nonprofits continue to define/develop the STIX/TAXII specifications as the solid foundation for standardizing threat information. This large group of public and private sector organizations and companies are working together to advance the STIX/TAXII specifications in the OASIS Cyber Threat Intelligence Technical Committee. These specs have already dramatically streamlined the analysis of threat data. We invite cybersecurity experts and decision makers to be part of the conversation.

Insider Threat Program Development Training For NISPOM CC 2 (Simi Valley, CA, USA, February 22 - 23, 2017) Insider Threat Defense announced it will hold a 2 day training class on Insider Threat Program Development (NISPOM Conforming Change 2) on Feb. 22-23, 2017, in Simi Valley, CA. For a limited time the training is being offered at a discounted rate of $795 (Normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop, implement and manage a robust Insider Threat Program / Working Group. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for Insider Threat Program Development Training.

Maritime & Port Security ISAO: Operationalizing Cyber Resilience (Cape Canaveral, Florida, USA, February 22 - 24, 2017) The Maritime & Port Security Information Sharing & Analysis Organization (MPS-ISAO) convenes its inaugural conference “Maritime & Port Cyber Resilience - Adding a New Layer of Cybersecurity” February 22-24, 2017 at the Global Situational Awareness Center at NASA/Kennedy Space Center, Florida.

Risky Business (London, England, UK, February 23, 2017) How are you tackling Cyber Crime in the Property Transaction? Join our panel of expert speakers at the IET in London to find out more about cyber crime in the property transaction and the steps you can take to protect the best interests of your firm and your client.

The 2nd China Automotive Cyber Security Summit 2017 (Shanghai, China, February 24, 2017) CACSS2017 will Provide a platform for Automotive OEMs, Tier 1 suppliers, Automotive security solution/ technology/products developers,Automotive electronics companies, IT companies, Mobile data suppliers, Automotive insurance companies, and automotive cyber security experts to address government regulations developing trends, Automotive cyber security standards, updated vulnerabilities, “Black Hat” behaviour motivations, State-of-the-Art technology solutions, critical cyber security challenges and collaboration initiatives; Help you to understand tailored smart car cyber security products and solutions, build up a set of effective cyber security management system and improve the capability of protecting smart cars. This second to non Automotive cyber security industry event will assure you to understand China Automotive cyber security industry business opportunities, network with China local customers and consolidate your worldwide leadership.

Second Annual International Security Conference (Riyadh, Saudi Arabia, February 27 - 28, 2017) The conference will facilitate national, regional and international collaboration between government, industry and critical infrastructure organizations. It will also feature investors who want to diversify their portfolio into international companies, particularly in the field of cyber security sectors where innovation could benefit the regional cyberdefense capacity.

SANS Dallas 2017 (Dallas, Texas, USA, February 27 - March 4, 2017) We are pleased to invite you to attend SANS Dallas 2017, on February 27- March 4 at The Westin Dallas Downtown, located in the heart of the city. We have selected several of our top information security courses to provide you with the training and certification that you need to boost your career by learning from the best! SANS instructors are industry professionals who will ensure that you not only learn the material, but that you will also be able to apply what you learn your first day back in the office.

Autonomous Vehicles Silicon Valley (Santa Clara, California, USA, February 28 - March 2, 2017) The road to autonomy: Regulation. Consumer Acceptance. Safety & Security. Explore the latest technologies and hottest issues for the autonomous vehicles industry.

The Cyber Security Summit: Denver (Denver, Colorado, USA, March 1, 2017) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders including: Mary McCord, Asst. Attorney General for National Security, U.S. Dept. of Justice & Chad Alvarado, Supervisory Special Agent, Cyber Task Force, FBI Denver Division. Engage in panel discussions focusing on trending cyber topics including Emerging Threats to IoT & Big Data, Insider Threats, and Compliance. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers

International Cyber Risk Management Conference (ICRMC) (Toronto, Ontario, Canada, March 2 - 3, 2017) The third annual International Cyber Risk Management Conference (ICRMC) brings together a world class roster of experts with cross-sector, global and multidisciplinary expertise to share knowledge, lessons learned, and methodology on cyber security. We are delighted to build on last year’s very successful ICRMC. Cyber security has grown into a global pandemic and organizations of all sizes are struggling with questions on how to mitigate, manage, and transfer cyber risk. We’ve structured our agenda based on delegate feedback and our exceptional 2017 Advisory Committee is determined to provide engaging high-profile speakers and compelling content to share knowledge, captivate and educate. Visit www.icrmc.com for details.

SANS San Jose 2017 (Milpitas, California, USA, March 6 - 11, 2017) Securing and defending your network has never been more important as attacks and breaches make the news daily. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries who want to harm your environment. SANS San Jose 2017 offers six hands-on, intensive cyber security training courses.

15th annual e-Crime & Cybersecurity Congress (London, England, UK, March 7 - 8, 2017) Europe's largest and most sophisticated gathering of senior cybersecurity professionals from international business, governments, law enforcement and intelligence agencies.

ISSA Mid Atlantic Security Conference (Rockville, Maryland, USA, March 10, 2017) Join us for a full day of training by industry leaders discussing some of the latest topics in tactics and techniques for preparing for cyber-attacks. This conference will feature a variety of presentations and cutting edge training opportunities, including hands-on demonstrations and workshops.

Investing in America’s Security: Cybersecurity Issues (Jersey City, New Jersey, USA, March 10, 2017) Please join us for the 5th Annual Northeast Regional Security Education Symposium hosted by the Professional Security Studies Department at New Jersey City University. The Symposium’s keynote address will be delivered by Milan Patel of K2 Intelligence, formerly the FBI’s Cyber Division Chief Technology Officer. Speakers include NJCCIC Director Michael Geraghty. NJCU students pursuing their D.Sc. degree will present academic research posters and a panel of experts will discuss careers in cyber security.

IAPP Europe Data Protection Intensive 2017 (London, Englan, UK, March 13 - 16, 2017) Set in London, the Data Protection Intensive delivers innovative solutions to today’s top privacy and data protection challenges. Known for its exceptional programming, the Intensive has come into its own as a leading forum for practical data protection education.

Rail Cyber Security Summit (London, England, UK, March 14 - 15, 2017) Now in its second year, the event will take place at the Copthorne Tara Kensington hotel in London between March 14th and 15th 2017 and will feature a range of experts from the rail transport industry, as well as leading Government and global cyber security leaders and academics working in the field.

CyberUK 2017 (Liverpool, England, USA, March 14 - 16, 2017) Announcing the UK government's flagship IA and cyber security event, for 2017. This is a three day event that will bring together cyber security leaders and professionals from across the UK’s information security communities from both the public and private sector. The NCSC’s partnership with information security businesses of all sizes is essential in strengthening the UK’s cyber resilience. CyberUK 2017 will play a key role in defining the role industry must play in achieving this step change, and is expected to attract 1,600 information assurance (IA) and cyber security leaders and professionals.

Cybersecurity: The Leadership Imperative (New York, New York, USA, March 16 - 17, 2017) Cyber risk impacts every element of your organization – and even the most brilliant information security expertise must be supported by a cross-functional cybersecurity structure and culture to succeed. Cybersecurity: The Leadership Imperative will provide case studies and actionable insights on building and maintaining a structure in which leaders across the organization are able to work together seamlessly to comprehend, measure and respond to cyber risk challenges.

BSides Canberra (Canberra, Australia, March 17 - 18, 2017) BSidesCbr is a conference designed to advance the body of Information Security knowledge, by providing an annual, two day, open forum for discussion and debate for security engineers and their affiliates. We produce a conference that is a source of education, collaboration, and continued conversation for information technologists and those associated with this field. The technical and academic presentations at BSidesCbr are given in the spirit of peer review and advanced knowledge dissemination. This allows the field of Information Security to grow in breadth and depth, and continue in its pursuit of highly advanced scientifically based knowledge.

European Smart Grid Cyber Security (London, England, UK, March 21 - 22, 2017) European Smart Grid Cyber Security 2017 offers a unique opportunity to network with senior experts in cyber security from government, utilities, TSOs, regulators, solution providers, security consultants, senior engineers and more. Join us to hear from a range of European utility companies present what their strategic programmes are doing regarding cyber security. As well as discuss how communication issues between IT and OT departments can be overcome and learn how to make your company compliant.

Maryland Cybersecurity Awards Celebration (Baltimore, Maryland, USA, March 22, 2017) Help us celebrate the best and brightest of the Maryland cyberscurity community as we honor the companies, organizations, and individuals that have protected businesses and government agencies with their cutting-edge technologies; thwarted cyber criminals with their outstanding cybersecurity services; demonstrated exemplary knowledge, expertise, leadership and innovative thinking; or made a significant contribution to Maryland’s cybersecurity ecosystem.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Fileless malware hits banks worldwide. Mirai now capable of spreading via Windows systems. Ransomware updates. VC and M&A notes. Former NSA contractor's indictment unsealed.