#RSAC2017: notes on cyberwar. BugDrop update. Patcher ransomware (ineptly, and not in a good way) targets Macs. Other forms of extortion rise. NSA likely to maintain VEP.

San Francisco: a look back at RSA 2017

RSA Conference 2017: From Cryptography to Mysteries of the Universe (eWeek) This year’s RSA Conference drew over 43,000 people interested in the latest in security trends, products and services. Here are some highlights.

Cyberwar talk is getting real (ZDNet) The existential threat of cyberwar has shifted from hand-waving about 'Cyber Pearl Harbor' to hand-waving about 'digital atomic bombs'. Hype? Maybe. Either way, politicians are talking tough.

Iran Intensifies Its Cyberattack Activity (Dark Reading) Middle East targets - namely Saudi Arabia - are feeling the brunt of the attacks, but experts anticipate Iran will double down on hacking US targets.

Microsoft: Security Industry Must Be 'Neutral Digital Switzerland' (Entrepreneur) Brad Smith says the security industry must become a check against nation-state cyber attacks.

Live from RSA 2017: Nation states crafting ‘meticulous’ attack code (Sophos) In the latest installment of live videos beaming directly from San Fransisco Sophos security scribe Bill Brenner chats to Mark Loman, director of engineering for next-generation tech at Sophos, about how nation-state attackers meticulously craft their attack code to evade the most advanced security products.

U.S. Army Cyber Command’s Lt. Gen. Paul Nakasone from the RSA Conference (Government Matters) Government Matters’ Francis Rose traveled to RSA and sat down with U.S. Army Cyber Command’s Lt. Gen. Paul Nakasone. They discussed budget challenges, recruitment, and retention.

Cyber Attacks, Threats, and Vulnerabilities

Cyber-Espionage Group Uses Microphones and Dropbox to Spy on Ukrainian Targets (BleepingComputer) A well-organized cyber-espionage group is infecting computers at selected targets in Ukraine, turning on their microphone to record nearby audio, stealing documents, and storing exfiltrated data inside Dropbox accounts, according to security firm CyberX...

Manafort faced blackmail attempt, hacks suggest (POLITICO) Stolen texts appear to show threats to expose relations between Russia-friendly forces, Trump and his former campaign chairman.

New macOS Patcher Ransomware Locks Data for Good, No Way to Recover Your Files (BleepingComputer) A newly discovered ransomware family calling itself Patcher is targeting macOS users, but according to security researchers from ESET, who discovered the ransomware last week, Patcher bungles the encryption process and leaves affected users with no way of recovering their files.

New crypto-ransomware hits macOS (WeLiveSecurity) Early last week, we have seen a new ransomware campaign for Mac. Written in Swift, This new ransomware is distributed via BitTorrent distribution sites and calls itself “Patcher”.

Ransomware booms with Locky, Cryptowall and Cerber accounting for 90 per cent of infections (Computing) Perennial 'favourites' remain most dangerous forms of malware, warns Check Point

Rook Security on Online Extortion (Threatpost) Mat Gangwer, CTO, and Tom Gorup, Security Operations Lead, at Rook Security talk to Mike Mimoso about the aggressive rise in online extortion and how it threatens not only data but physical safety.

Survey: 14% Of IT Execs Would Pay $500K To Avoid 'Shaming' After A Breach - Dark Reading (Dark Reading) Bitdefender report shows how negative media headlines following an attack can cause financial damage, ruin business forecasts and severely damage reputations.

'Muck spreading' Mirai malware identified as skilled attacker based in China or Taiwan (Computing) Windows Malware designed to propagate Mirai malware the work of a "skilled" attacker, warns Kaspersky

Tarrant County 911's Swift Response to Attack (NBC 5 Dallas-Fort Worth) Tarrant County 911 officials said they learned valuable lessons after the 911 district fell victim to a cyber attack.

Internet blackout: real threat or corporate hype? (Osceola Sun) Imagine a world where the internet once existed but no longer does. What kind of chaos could ensue without the World Wide Web? There wouldn’t be social media, or email,

TrapX Discovers MEDJACK3, Updates DeceptionGrid Security Platform (eSecurity Planet) New form of medical device attack is underway, but there are already ways to defend against the new incursion.

Stolen Health Record Databases Sell For $500,000 In The Deep Web (Dark Reading) Electronic health record databases proving to be some of the most lucrative stolen data sets in cybercrime underground.

The devastating impact of healthcare data breaches (Help Net Security) Half of the victims of healthcare data breaches incurred out-of-pocket costs of $2,500, on average. The breaches were most likely to occur in hospitals.

Cyber Trends

Security interview: What if a motivated attacker targets your company? (MIS Asia) Computerworld Malaysia conducts a 'rapidfire' cybersecurity roundup interview with Kane Lightowler, APJ MD for Carbon Black.

Marketplace

Traditional defence players turn their attention to cybersecurity (GulfNews) The move comes admid an industry-wide move to more computer-driven interconnected defence platforms

BAE boss Ian King has skippered defence giant through stormy seas (The Telegraph) “Keeping the ship on an even keel” was how one veteran BAE Systems watcher described Ian King’s time at the tiller of the defence giant.

General Dynamics awarded DIA contract (C4ISRNET) "General Dynamics will provide a variety of technical, functional and managerial services, including cyber security engineering and incident detection and response and threat fusion services," according to a company announcement.

Accenture acquires iDefense Security Intelligence from VeriSig (Consultancy) Accenture has acquired iDefense Security Intelligence from VeriSign.

Axway Announces the Acquisition of Syncplicity (Sys-Con Media) Axway (Paris:AXW) (Euronext: AXW.PA), a catalyst for transformation, today announced the all-cash acquisition of Syncplicity, a leading enterprise file sync and share (EFSS) solution that provides users with the experience and tools they need for secure collaboration.

Report: Verint to sell cyberintelligence unit (Newsday) Verint Systems Inc., a maker of analytic software, plans to sell its cyberintelligence unit, according to a report published Wednesday.The unit is estimated to be

Tanium Adds Two Board Members, Appoints Executives to Key Posts (BusinessWire) Tanium announced today Aon Senior Vice President and Chief Security Officer Anthony Belfiore and former Frontier Communications CEO Maggie Wilderotter

Deepening its Cyber Bench, Team8 Adds David DeWalt, Former CEO and Chairman of McAfee and FireEye, to its Board of Directors (PRNewswire) Team8, Israel's leading cybersecurity think tank and venture creation...

Products, Services, and Solutions

Stethoscope spurs employees to implement better security practices (Help Net Security) Stethoscope is a web application that collects info about users' devices and provides them with recommendations to implement better security practices.

South River Technologies Provides HIPAA-Compliant File Storage and Transfer Solution to Pathways Home Health and Hospice (Marketwired) South River Technologies Inc. (SRT), an innovator in secure file sharing, has today announced that its Cornerstone Managed File Transfer Server has been deployed as part of Pathways Home Health and Hospice's HIPAA-compliant file sharing solution.

Cisco Rolls Out New Firepower Next-Gen Firewall Series, Bringing High Performance Security Appliances To The Midmarket (CRN) The Cisco Firepower 2100 Series is designed to bring higher performance and throughput to the midmarket, with sales incentives and profitability options for partners, the company said.

Technologies, Techniques, and Standards

Cyber warriors need constant training, says senior Navy official (C4ISRNET) According to the commander of Fleet Cyber Command, cyber warriors need constant training to prevent atrophy of skills.

Strike on ISIS Drone Cell Highlights Airman's Novel Intel Methods (Military.com) Using intel spotted by a US airman thousands of miles away, warplanes bombed sites where ISIS militants manufactured drones.

Microsoft commits to GDPR compliance in the cloud by 2018 deadline (SearchSecurity) Microsoft announces cloud GDPR compliance will be in place by the May 2018 deadline, though companies worldwide must still take action to avoid huge fines.

How SMBs Can Conquer Ransomware (Small Biz Technology) You don’t have to look far past the news headlines to see that ransomware is a big and growing problem today. And companies have a lot to lose — $1 billion per year, to be exact.

Overcome main challenges to prepare a cyber resilience (Infosecurity Magazine) How to overcome the main challenges, and prepare a cyber resilient state

How to hunt for attackers who don’t want to be found (Infosecurity Magazine) How CISOs can hunt for the attackers who don’t want to be found

When is it legitimate to hack back against an adversary? (Infosecurity Magazine) The UK cyber strategy made steps to legitimize hacking back against an adversary

Design and Innovation

IBM, Northern Trust partner on financial security blockchain tech (ZDNet) Can the cryptocurrency technology pave the way for more secure and transparent private equity funds?

Academia

Verizon joins forces with Nanyang Technology University's Business School on cybersecurity risk research (PRNewswire) Verizon Enterprise Solutions and Nanyang Technology University's (NTU)...

Legislation, Policy, and Regulation

Russia military adds new branch: Info warfare troops (Fifth Domain | Cyber) Russian military officials acknowledge existence of information warfare troops, which "protect the national defense interests and engage in information warfare."

Confronting the Russian cyber threats (SecurityInfoWatch.com) U.S. intelligence agencies face challenges meeting Russian threats and new administration’s doubts

A new era for information warfare (C4ISRNET) As the nature of warfare is changing, the services are looking toward new models of information operations.

Cyberwar is like a soccer game with fans on the field (C4ISRNET) Cyberwarfare is a chaotic environment that resembles a sporting event in which the spectators are on the field with the players.

NSA will continue to disclose zero-day bugs under Trump... for now (International Business Times UK) Intel officials say US president unlikely to change rules around disclosure of software vulnerabilities.

Navy officials: Buying the right amount of cyber [Commentary] (Fifth Domain | Cyber) No one wants to be caught flat-footed or seen as not taking cyber defense seriously. In this environment, it would be easy to overspend and foist a cost-imposition strategy on ourselves.

U.S. 10th Fleet commander encourages cyber partnerships (C4ISRNET) The head of U.S. Fleet Cyber Command/10th Fleet has stressed the importance of cyber partnerships to synchronize efforts and mitigate friendly fire.

Microsoft, Stripe Urge Federal Bank Regulators to Go Cautiously on Cyber Regs (National Law Journal) Microsoft and Stripe are urging federal banking regulators not to draw cybersecurity rules for the largest banks so narrowly that they exclude innovative tec...

CDO for Trump steps down amid business conflicts (FederalNewsRadio.com) Sources say Gerrit Lansing did not want to give up his ties to an online donation platform he helped start.

Litigation, Investigation, and Law Enforcement

Indiana joins Idaho in claiming DHS tried to hack their election systems (Computerworld) Indiana claims DHS scanned the state's electoral system tens of thousands of times without permission.

FBI in the Dock Over iPhone Hack Details (Infosecurity Magazine) FBI in the Dock Over iPhone Hack Details. Media groups want to know who cracked phone

Terror threat posted on Whisper leads to arrest (Engadget) Feds got his IP address and coordinates from the anonymous app.

UK crime agency arrests suspect in Deutsche Telekom cyber attack (Reuters) Britain's National Crime Agency (NCA) has arrested a suspect in connection with last year's cyber attack which infected nearly 1 million Deutsche Telekom routers, German federal police said on Thursday.

INTERPOL's Michael Moran Receives 2017 M3AAWG Litynski Award; Urges Industry to Improve Defenses Against Child Abuse Materials (Benzinga) Michael "Mick" Moran, who has helped rescue thousands of child abuse material victims since he started working in the field in 1997, challenged the internet industry to do more to protect innocent children as he received the 2017 M3AAWG Mary Litynski Award today.

For a complete running list of events, please visit the Event Tracker.

Newly Noted Events

Inaugural Yorkshire and Humber Cyber Protect Business Conference (Leeds, England, UK, Feb 28, 2017) The aims and objectives of this conference are to raise cyber awareness built around the 10 steps to cyber security, provide an environment and opportunity for professionals to network and share experiences and solutions, connect industry, academia and law enforcement collaborating to drive innovation and creativity to find effective and efficient methods to protect businesses and pursue cyber criminals and to promote the CISP network and membership. The audience will be made up of small, medium enterprises from around the Yorkshire and Humber region, law enforcement, police partners and industry and academic partners.

North American International Cyber Summit (Detroit, Michigan, USA, Jul 30, 2017) In its sixth year, the cyber summit brings together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use. Highly respected speakers from the public and private sectors will address emerging trends, technology and best practices. The event is open to the public and will feature information for individuals, families, educators, business professionals, law enforcement and government officials. The summit agenda will feature internationally recognized keynote speakers as well as experts from across the county to lead breakout sessions on featured industry topics.

Upcoming Events

Risky Business (London, England, UK, Feb 23, 2017) How are you tackling Cyber Crime in the Property Transaction? Join our panel of expert speakers at the IET in London to find out more about cyber crime in the property transaction and the steps you can take to protect the best interests of your firm and your client.

The 2nd China Automotive Cyber Security Summit 2017 (Shanghai, China, Feb 24, 2017) CACSS2017 will Provide a platform for Automotive OEMs, Tier 1 suppliers, Automotive security solution/ technology/products developers,Automotive electronics companies, IT companies, Mobile data suppliers, Automotive insurance companies, and automotive cyber security experts to address government regulations developing trends, Automotive cyber security standards, updated vulnerabilities, “Black Hat” behaviour motivations, State-of-the-Art technology solutions, critical cyber security challenges and collaboration initiatives; Help you to understand tailored smart car cyber security products and solutions, build up a set of effective cyber security management system and improve the capability of protecting smart cars. This second to non Automotive cyber security industry event will assure you to understand China Automotive cyber security industry business opportunities, network with China local customers and consolidate your worldwide leadership.

Second Annual International Security Conference (Riyadh, Saudi Arabia, Feb 27 - 28, 2017) The conference will facilitate national, regional and international collaboration between government, industry and critical infrastructure organizations. It will also feature investors who want to diversify their portfolio into international companies, particularly in the field of cyber security sectors where innovation could benefit the regional cyberdefense capacity.

SANS Dallas 2017 (Dallas, Texas, USA, Feb 27 - Mar 4, 2017) We are pleased to invite you to attend SANS Dallas 2017, on February 27- March 4 at The Westin Dallas Downtown, located in the heart of the city. We have selected several of our top information security courses to provide you with the training and certification that you need to boost your career by learning from the best! SANS instructors are industry professionals who will ensure that you not only learn the material, but that you will also be able to apply what you learn your first day back in the office.

Autonomous Vehicles Silicon Valley (Santa Clara, California, USA, Feb 28 - Mar 2, 2017) The road to autonomy: Regulation. Consumer Acceptance. Safety & Security. Explore the latest technologies and hottest issues for the autonomous vehicles industry.

The Cyber Security Summit: Denver (Denver, Colorado, USA, Mar 1, 2017) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders including: Mary McCord, Asst. Attorney General for National Security, U.S. Dept. of Justice & Chad Alvarado, Supervisory Special Agent, Cyber Task Force, FBI Denver Division. Engage in panel discussions focusing on trending cyber topics including Emerging Threats to IoT & Big Data, Insider Threats, and Compliance. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers

International Cyber Risk Management Conference (ICRMC) (Toronto, Ontario, Canada, Mar 2 - 3, 2017) The third annual International Cyber Risk Management Conference (ICRMC) brings together a world class roster of experts with cross-sector, global and multidisciplinary expertise to share knowledge, lessons learned, and methodology on cyber security. We are delighted to build on last year’s very successful ICRMC. Cyber security has grown into a global pandemic and organizations of all sizes are struggling with questions on how to mitigate, manage, and transfer cyber risk. We’ve structured our agenda based on delegate feedback and our exceptional 2017 Advisory Committee is determined to provide engaging high-profile speakers and compelling content to share knowledge, captivate and educate. Visit www.icrmc.com for details.

SANS San Jose 2017 (Milpitas, California, USA, Mar 6 - 11, 2017) Securing and defending your network has never been more important as attacks and breaches make the news daily. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries who want to harm your environment. SANS San Jose 2017 offers six hands-on, intensive cyber security training courses.

Cybersecurity: Defense Sector Summit (Troy, Michigan, USA, Mar 7 - 8, 2017) Don’t miss out on the opportunity to be a part of the conversation regarding how cybersecurity is impacting not only ground vehicles, but air and maritime platforms. What are the synergies amony Army, Air Force, Navy, and Marine platform cybersecurity initiatives? What can we learn from connected car and autonomous initiatives in the automotive industry? Who and what is driving acquisition reform to ensure agility and speed? What are the supply chain impacts? What are the “seams” that create vulnerabilities? Who and what is driving cybersecurity platform requirements? What is being done to assess execution readiness? What are platform stakeholders doing technically to address vulnerabilities?

15th annual e-Crime & Cybersecurity Congress (London, England, UK, Mar 7 - 8, 2017) Europe's largest and most sophisticated gathering of senior cybersecurity professionals from international business, governments, law enforcement and intelligence agencies.

ISSA Mid Atlantic Security Conference (Rockville, Maryland, USA, Mar 10, 2017) Join us for a full day of training by industry leaders discussing some of the latest topics in tactics and techniques for preparing for cyber-attacks. This conference will feature a variety of presentations and cutting edge training opportunities, including hands-on demonstrations and workshops.

Investing in America’s Security: Cybersecurity Issues (Jersey City, New Jersey, USA, Mar 10, 2017) Please join us for the 5th Annual Northeast Regional Security Education Symposium hosted by the Professional Security Studies Department at New Jersey City University. The Symposium’s keynote address will be delivered by Milan Patel of K2 Intelligence, formerly the FBI’s Cyber Division Chief Technology Officer. Speakers include NJCCIC Director Michael Geraghty. NJCU students pursuing their D.Sc. degree will present academic research posters and a panel of experts will discuss careers in cyber security.

IAPP Europe Data Protection Intensive 2017 (London, Englan, UK, Mar 13 - 16, 2017) Set in London, the Data Protection Intensive delivers innovative solutions to today’s top privacy and data protection challenges. Known for its exceptional programming, the Intensive has come into its own as a leading forum for practical data protection education.

Rail Cyber Security Summit (London, England, UK, Mar 14 - 15, 2017) Now in its second year, the event will take place at the Copthorne Tara Kensington hotel in London between March 14th and 15th 2017 and will feature a range of experts from the rail transport industry, as well as leading Government and global cyber security leaders and academics working in the field.

CyberUK 2017 (Liverpool, England, USA, Mar 14 - 16, 2017) Announcing the UK government's flagship IA and cyber security event, for 2017. This is a three day event that will bring together cyber security leaders and professionals from across the UK’s information security communities from both the public and private sector. The NCSC’s partnership with information security businesses of all sizes is essential in strengthening the UK’s cyber resilience. CyberUK 2017 will play a key role in defining the role industry must play in achieving this step change, and is expected to attract 1,600 information assurance (IA) and cyber security leaders and professionals.

Cybersecurity: The Leadership Imperative (New York, New York, USA, Mar 16 - 17, 2017) Cyber risk impacts every element of your organization – and even the most brilliant information security expertise must be supported by a cross-functional cybersecurity structure and culture to succeed. Cybersecurity: The Leadership Imperative will provide case studies and actionable insights on building and maintaining a structure in which leaders across the organization are able to work together seamlessly to comprehend, measure and respond to cyber risk challenges.

BSides Canberra (Canberra, Australia, Mar 17 - 18, 2017) BSidesCbr is a conference designed to advance the body of Information Security knowledge, by providing an annual, two day, open forum for discussion and debate for security engineers and their affiliates. We produce a conference that is a source of education, collaboration, and continued conversation for information technologists and those associated with this field. The technical and academic presentations at BSidesCbr are given in the spirit of peer review and advanced knowledge dissemination. This allows the field of Information Security to grow in breadth and depth, and continue in its pursuit of highly advanced scientifically based knowledge.

Cyber Resilience Summit: Securing Systems inside the Perimeter (Reston, Virginia, USA, Mar 21, 2017) As the journey to secure our nation’s IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing and sustaining secure and reliable software-intensive systems. The theme of our upcoming Cyber Resilience Summit is Securing Systems inside the Perimeter. Defending the network is NOT enough. The most damaging of system failures and security breaches are caused by vulnerabilities lurking inside the network at the application layer.

European Smart Grid Cyber Security (London, England, UK, Mar 21 - 22, 2017) European Smart Grid Cyber Security 2017 offers a unique opportunity to network with senior experts in cyber security from government, utilities, TSOs, regulators, solution providers, security consultants, senior engineers and more. Join us to hear from a range of European utility companies present what their strategic programmes are doing regarding cyber security. As well as discuss how communication issues between IT and OT departments can be overcome and learn how to make your company compliant.

Maryland Cybersecurity Awards Celebration (Baltimore, Maryland, USA, Mar 22, 2017) Help us celebrate the best and brightest of the Maryland cyberscurity community as we honor the companies, organizations, and individuals that have protected businesses and government agencies with their cutting-edge technologies; thwarted cyber criminals with their outstanding cybersecurity services; demonstrated exemplary knowledge, expertise, leadership and innovative thinking; or made a significant contribution to Maryland’s cybersecurity ecosystem.

SANS Pen Test Austin 2017 (Austin, Texas, USA, Mar 27 - Apr 1, 2017) Every organization needs skilled people who know how to find vulnerabilities, understand risk, and help prioritize resources based on mitigating potential real-world attacks. That's what SANS Pen Test Austin is all about! If you like to break things, put them back together, find out how they work, and mimic the actions of real-world bad guys, all the while providing real business value to your organization, then this event is exactly what you need.

IT Security Entrepreneurs' Forum Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, Mar 28 - 29, 2017) SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on identifying solutions to Cybersecurity challenges.

Insider Threat 2017 Summit (Monterey, California, USA, Mar 29 - 30, 2017) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical security considerations. A heightened awareness of insider threats due to numerous newsworthy attacks and unauthorized leaks has brought us together for one main purpose: To better understand security challenges in order to better defend against insider threats.

2nd Annual Billington International Cybersecurity Summit (Washington, DC, USA, Mar 30, 2017) The 2nd Annual Billington International Cybersecurity Summit on March 30, 2017 at the National Press Club in Washington, DC will feature over 300 world class cybersecurity decision-makers from allied nations and the US in an intensive day of knowledge exchange and relationship building. NOTE: Attendees must be citizens of the U.S. or allied nations to attend this event. The summit, which will attract senior influencers in cybersecurity from allied nations across the world, has as its theme: Protecting Critical Infrastructure in a Connected World.

Yale Cyber Leadership Forum: Bridging the divide between law, technology, and business (New Haven, Connecticut, USA, Mar 30 - Apr 1, 2017) The Yale Cyber Leadership Forum will take place on Yale University's campus and will focus on bridging the divide between law, technology and business in cybersecurity. With McKinsey & Company as our knowledge partner, the Forum will integrate McKinsey’s extensive knowledge of best practices in cybersecurity with Yale’s scholarly expertise. The Forum will expose participants to effective approaches to recognizing, preparing for, preventing, and responding to cyber threats.