Reports of "globally coordinated cyber attack" against four industrial sectors in 50 countries. KillDisk becomes ransomware. US Intelligence Community tells Senators Russia hacked the DNC (a full report is promised next week).
Some instructive analysis of this week's interference with google-dot-com-dot-br is out.
Kaspersky Lab reports "a globally coordinated cyber attack" against some 500 companies in 50 countries. The campaign began in August 2016, made extensive use of spearphishing, and appears to have as its object industrial espionage. The targeted sectors are construction, engineering, electrical power distribution, and basic metals.
Bleeping Computer warns that more MongoDB attacks are on the way—may database administrators look to their configurations.
Ransomware gets riskier, more perfidious, and more expensive. KillDisk has been developed into a ransomware package, infecting both Linux and Windows systems. It demands 222 Bitcoin (between $210,000 and $250,000), but apparently doesn't bother restoring the files even after the victim pays up.
The ransomware threat is affecting the security market: MarketsandMarkets predicts a 16.3% compound annual growth rate in the market for ransomware defense, rising from $8.16 billion in 2016 to $17.36 billion in 2021.
Verizon's planned acquisition of Yahoo!'s core assets looks shakier at week's end. The Street quotes a Verizon executive to the effect that the telecom company doesn't want to be "jumping blindly off a cliff."
The US Senate held hearings yesterday on Russian election hacking. US Intelligence Community leaders reaffirmed their conclusions that Russian services successfully targeted the Democratic National Committee. Eyebrows are raised over the FBI's apparent reliance on CrowdStrike's forensics, but such reliance is not really surprising. DNI Clapper promises a full report next week; rumor has it the report will detail how WikiLeaks got DNC emails.
Notes.
Today's issue includes events affecting Brazil, China, Ecuador, European Union, France, Germany, India, Mexico, Netherlands, Russia, United Kingdom, and United States.
In today's CyberWire podcast we'll hear from our partners at the the University of Maryland's Center for Health and Homeland Security, as Ben Yelin talks about an IRS inquiry into Coinbase, a Bitcoin wallet service. Our guest is FireEye's Tony Cole, who will share his take on 2017's threat landscape.
If you've been enjoying the podcasts, please consider giving us an iTunes review.
A special edition of our Podcast is also available. It covers buying cyber security. Every day there seems to be a new security product on the market, with many of them claiming to provide something that you simply can’t live without. Companies appear and disappear, and businesses are faced with difficult, confusing, and often expensive choices. In this CyberWire special edition, we explore how businesses are navigating the process of choosing products and technologies in a crowded marketplace. We talk to some key stakeholders to find out what drives their purchasing decisions, and what they wished their vendors knew before they came knocking on their doors.
Cyber Attacks, Threats, and Vulnerabilities
Are Russian cyberspies buried in Dutch networks, too? (Christian Science Monitor Passcode) A US government analysis appears to show that Russian operatives hijacked hundreds of computers globally to carry out attacks on US political groups. But in this case, looks may be deceiving
Was "google[.]com[.]br" hacked? (LinkedIn) We followed at yesterday’s afternoon the many news and comments regarding the compromise of the address www.google.com.br. At the beginning, many (me included) discredited the news, however, big online portals quickly started to propagate the event. People close to me also reported to be accessing the invalid content and ask me for help
Mexican Governor Uses World Class Hacking Methods against Adversaries (Panam Post) Rafael Moreno Valle, the governor of the Mexican state of Puebla, has been singled out for using espionage to monitor opposition politicians and even others belonging to his own National Action Party (PAN)
Massive cyber attack affecting 500 industrial companies in 50 countries, says Kaspersky (Robotics & Automation News) A globally co-ordinated cyber attack has hit 500 industrial companies in 50 countries in the past few months, according to security company Kaspersky
Spear Phishing Attack Hits Industrial Companies (Kaspersky Lab ICS-CERT) Kaspersky Lab ICS CERT detected a targeted attack aimed at industrial organizations which began in August 2016 and is currently ongoing
Number of Hijacked MongoDB Databases Is Going Up as More Hackers Are Flocking In (Bleeping Computer) MongoDB administrators are about to be tought a hard lesson in database management practices, as the number of hackers that are now involved with DB hijacking attempts has gone from one to three, and more are expected to join in the upcoming days
Experts Warn of Novel Pdf-Based Phishing Scam (Threatpost) The SANS Internet Storm Center published a warning on Wednesday about an active phishing campaign that utilizes PDF attachments in a novel ploy to harvest email credentials from victims
$247,000 KillDisk ransomware demands a fortune, forgets to unlock files (ZDNet) The malware asks for 222 Bitcoin but will not honor promises to decrypt files after payment is made
KillDisk cyber sabotage tool evolves into ransomware (ITWorld) The malware is now encrypting files on both Windows and Linux systems and asks for $216,000 to restore them
Fraudsters Pose as DfE Officials to Spread Ransomware (Infosecurity Magazine) UK police are warning that fraudsters are posing as Department of Education officials in order trick schools into installing ransomware
Ransomware masquerades as CV (Enterprise Times) Researchers at security vendor Check Point have warned of a ransomware attack targeting HR departments. This attack is currently targeted at German speaking companies and pretends to be a job application. Researchers say that the email comes with two attachments. A covering letter which is a standard PDF and an Excel file containing the GoldenEye variant of the Petya ransomware
Koovla Ransomware Urges Users to Read Up on Security (Infosecurity Magazine) Security researchers have discovered an unusual ransomware variant which offers a decryption key not if victims pay up, but if they read two articles on how to stay safe from malware
Ransomware likely migrate beyond computers in 2017 (Trade Arabia) This could be the year in which the ruthless threat of ransomware migrates to other platforms beyond computers and smartphones, whose primary purpose is not data processing or digital communications, a report said
Why Ransomware Is Only Going To Get Worse (Dark Reading) The meteoric rise of the problem stems from a lack of preparedness and simple economics
‘Ghost Hosts’ Bypass URL Filtering (Dark Reading) Malware authors have found a way to evade URL-blocking systems by swapping bad domain names with unknown ones
“The Internet Will SHUTDOWN For 24 Hours In 2017,” Security Firm LogRhythm Predicts (Fossbytes) US-based security firm LogRhythm has predicted that due to a massive DDoS attack, the worldwide internet will shutdown for 24 hours in 2017, resulting in the tanking of financial markets. Company’s vice president and chief information security officer James Carder also predicted that the DDoS attacks that took place in 2016 were a clear indication. He also hinted at the increasing ransomware threats
Smart Meters Are Laughably Insecure, Are a Real Danger to Smart Homes (Bleeping Computer) Most smart meters that are installed, or are soon to be installed, in hundreds of millions of homes around the world are woefully insecure and can be easily hacked by a remote attacker to alter energy consumption levels, hack other smart devices in the user's home, or even cause the meter to explode
Stolen Passwords Fuel Cardless ATM Fraud (KrebsOnSecurity) Some financial institutions are now offering so-called “cardless ATM” transactions that allow customers to withdraw cash using nothing more than their mobile phones. But as the following story illustrates, this new technology also creates an avenue for thieves to quickly and quietly convert stolen customer bank account usernames and passwords into cold hard cash. Worse still, fraudulent cardless ATM withdrawals may prove more difficult for customers to dispute because they place the victim at the scene of the crime
Free 3G internet from WhatsApp? No, it’s a scam (Naked Security) It’s still the first week of 2017, and we’ve already had a WhatsApp scam warning from a keen Naked Security reader
Windows 10 Mobile has a pretty weird security flaw (MS Poweruser) Today, we noticed a pretty weird security flaw in Windows 10 Mobile. If you are using a Windows 10 Mobile that does not support Windows Hello, your are likely using a pin to secure your device. The pin can be easily set-up from Windows 10 Mobile’s Sign-in Options page in the Settings app. However, there’s an interesting issue with this system
Porn Gets Pwned: for Hackers, XXX Means Exploit, Extort and Expose (Infosecurity Magazine) Nearly 400,000 users of adult site xHamster have found themselves in a compromising position after their private details were leaked. There’s no confirmation of who was behind the breach as yet, but usernames, email addresses and passwords have apparently been trading hands on the dark web for several months
Over One Million Over-45s Hit by Email Scams (Infosecurity Magazine) More than one million Brits over the age of 45 have fallen victim to some form of email-related fraud, as the internet supersedes the telephone as the favored channel for scammers, according to Aviva
Cyber Trends
Analysis: 2016 Health Data Breaches, and What's Ahead (InfoRisk Today) Experts offer predictions for trends in 2017
Companies still struggle with security (Khaleej Times) In an era of increasingly interconnected devices, it doesn't take much for a skilled hacker to avoid detection and launch an attack that can spell disaster for a company
New Research Reveals Top Five Impediments to Cybersecurity Framework Implementation (Businesswire) Survey of U.S. and European security managers and executives shows effective adoption of security controls leads to increased compliance and measurable security improvements
Marketplace
Ransomware protection market to reach $17.36 billion by 2021 (Help Net Security) According to a new report on the ransomware protection market by MarketsandMarkets, the market size is expected to grow from $8.16 billion in 2016 to $17.36 billion by 2021, at a Compound Annual Growth Rate (CAGR) of 16.3%
Investor Takeaways from The Russian Hacking Scandal (Investing Daily) Shocking the norms of political discourse is customary for Donald Trump and he did so again on Wednesday, when he publicly sided with WikiLeaks founder Julian Assange against America’s own intelligence community. Contrary to the findings of the NSA, CIA and FBI, Trump endorsed the activist’s claim that Russia didn’t provide WikiLeaks with hacked Democratic Party emails
India as a Global Cybersecurity Hub: Achieving the Goal (InfoRisk Today) Rajendra Pawar of NASSCOM Task Force offers vision for growth
Verizon Still Doesn't Know if It Will Close Its $4.8 Billion Purchase of Yahoo! (The Street) After two massive cyber breaches at Yahoo, Verizon's digital executive Marni Walden says the telecom has to make sure it is not 'jumping off blindly off a cliff'
Verizon-Yahoo Deal On The Ropes - Is Cyber Security Killing Deals? (Forbes) It seems every day there is another story about hacking and data breaches, whether the alleged attackers are foreign governments or a lone wolf, the newsworthy targets are high profile, but it is a problem impacting a huge swath of businesses, regardless of size. Yahoo, Eddie Bauer and Target stores are amongst many others who have been affected and Cloud giant Oracle reported a potential intrusion on its MICROS payment systems last August
Better Buy: Palo Alto Networks, Inc. vs. Check Point Software Technologies, Ltd. (Motley Fool) The peers share a number of attributes, but their respective business models couldn’t be more different
Two Cyber Security Stock Picks For 2017 (Nasdaq) Cyber security is going to be in the news over the next week or so. The Congressional hearings into the hacks of the Democratic National Committee e-mail server and that of Clinton campaign chair John Podesta begin today, with the public version of the intelligence community’s reports being made available on Monday
NSA Vet Curt Dukes Joins Center for Internet Security in EVP Role (Gov Con Executive) Curt Dukes, former director of the National Security Agency‘s information assurance directorate, has joined the Center for Internet Security as executive vice president
Products, Services, and Solutions
New infosec products of the week: January 6, 2017 (Help Net Security) Fortress Cyber Security launches Fortress UTM... WISeKey makes available its cryptographic Root of Trust... Bitdefender BOX gets an update... HEAT Software updates three UEM and Cloud Service Management solutions
Forrester Wave Report: Cylance Disrupts Market with AI-Driven Endpoint Protection (Cylance Blog) The recently released Forrester Wave report confirms what security industry insiders have been saying for some time now: Cylance continues to be a major market disruptor with its unparalleled signatureless malware prevention endpoint solution, CylancePROTECT®
Recorded Future (SC Magazine) The thing that is most impressive about Recorded Future is the breadth and depth of their coverage
Verizon and Cypress Bring Secure Connectivity to Robust Internet of Things Development Platform (PRNewswire) Cypress' WICED® Studio 4 Platform and Verizon's ThingSpace Enable Cloud Connectivity with End-to-End Security
ForeScout-Splunk integration hopes to bring greater insight to IoT security (TechCrunch) ForeScout announced an integration with Splunk today that it hopes will bring a new level of security visibility to Internet of Things devices
Bitdefender Box Hopes To Secure The Internet Of Things (Tom's Hardware) The Internet of Things (IoT) is out in full force at CES 2017. Seemingly everything, from toothbrushes to refrigerators, is being connected to the internet. Bitdefender revealed an updated Box to make sure those IoT products, mobile devices, and other connected gizmos are kept secure
Brother Industries Adopts MobileIron for High-Security Unified Management (PRNewswire) Strengthens security for iPhones and iPads while enabling employee productivity
Technologies, Techniques, and Standards
SWIFT speaks on fraudulent messages and the security moves the cooperative is making to assist its customers (CSO) SWIFT is using a multipronged approach to address interbank messaging fraud
7 Ways To Fine-Tune Your Threat Intelligence Model (Dark Reading) The nature of security threats is too dynamic for set-and-forget. Here are some ways to shake off that complacency
Three Ways that Security Researchers Trolled Hackers in 2016 (CSO) The year 2016 has not really been a standout for information security. This was the year that the Russians hacked the DNC (and now the RNC, apparently), the year that ransomware authors bricked an entire transit system, and the year that the IoT literally broke the internet. Like most of the population, the security community can’t wait to say goodbye to 2016
Social media security is not just for kids – how safe are your profiles? (Naked Security) The news is full of the risks children face on the internet, not just in terms of predators but also in terms of the rights they might be signing away. Their details and the rights to any images they post may be compromised, says a report from the UK’s Children’s Commissioner, entitled Growing Up Digital
Design and Innovation
A prize for “real-world cryptography” was given to programmers behind AES and the Signal app (TechCrunch) This week I had the chance to visit Columbia University to meet with Max Levchin, currently the CEO of financial company Affirm and one of the co-founders of PayPal. He was in the Lerner Hall auditorium surrounded by a large flock of programmers belonging to a special branch of the field: cryptology. They were all there vying for the second annual Levchin Prize
Army Envisions Network of 2040 (SIGNAL) The service identifies innovations needed now to meet or beat the challenges of the future
All that glisters is not security gold at CES in Las Vegas (Naked Security) Depending on your outlook, the Internet of Things (IoT) is either an exciting frontier that promises to embed smartness into a world of unforgivably dumb objects or a gilded cage of expensive proprietary technology whose security standards we must take on trust
Move over Bitcoin – MIT Cryptographer Silvio Micali and his Public Ledger ALGORAND… The Future of Blockchain? (Blockchain News) MIT’s Ford Professor of Engineering and one of the world’s top cryptographers Silvio Micali recently published a paper called ALGORAND The Efficient and Democratic Ledger (in the Blockchain News Library) where he lays out a groundbreaking new vision of a decentralized and secure way to manage a shared ledger that provides a beautifully elegant solution to the Byzantine General’s problem
Making Secure Chips For IoT Devices (Semiconductor Engineering) Technology is improving, but so is awareness about the need for security
Research and Development
U.S. Air Force contracts BAE Systems for intelligence sharing (UPI) BAE Systems has received a $49 million contract from the U.S. Air Force Research Lab to enhance intelligence-sharing capabilities
Army wants system to determine a drone's intent (C4ISRNET) Worried about hostile drones, but unsure how to determine which drones are hostile and which are not, the Army is looking for technology that can determine a drone's intent
Legislation, Policy, and Regulation
How Russia wields cyberpower (Christian Science Monitor Passcode) Cyberattacks around the world linked to Russia – including hacking US political groups – expose a growing sophistication for leveraging the internet's speed and scale to exert influence
US intelligence: 30 countries building cyber attack capabilities (ZDNet) Officials say Russia has "highly advanced" offensive cyber program, and that only its 'senior-most' officials could have authorized election-focused data thefts
Hope for global cyber norms struggles following Russian hacking allegations (C4ISRNET) The Obama administration issued a public response to hacking incidents against U.S. political institutions and meddling in the presidential election attributed to the Russian government in the way of sanctions against individuals and organizations affiliated with the conspiracy
Intelligence officials: U.S. needs to rethink how to respond to hacks (Baltimore Sun) Top American intelligence officials told Congress on Thursday that the nation needs to become more effective in responding to cyberattacks, saying that foreign governments are ever more capable and willing to break into American computer networks
Senators support intel findings on Russia, call for deterrence policy (FCW) As President-elect Donald Trump continues to express doubts about the intelligence community's assertion that Russia hacked Democratic Party servers to influence the 2016 election, intelligence officials are standing by their findings
McCain: Russia Hack Should Spark National Cyber Policy (Defense News) The US Senate Armed Services Committee will focus on beefing up the nation’s cyber security after alleged Russian meddling in US elections, which chairman John McCain at a committee hearing Thursday called “an unprecedented attack on our democracy”
Blog: AFCEA Calls for Whole-of-Nation Approach to Cybersecurity (SIGNAL) The organization’s cyber committee offers solutions for the next administration
DHS should house new cyber agency, experts tell President-elect (Federal News Radio) The Homeland Security Department has come a long way in the last decade in how it manages, assists, oversees and responds to cybersecurity incidents that the public and private sectors face daily. Now a group of experts are recommending to the President-elect Donald Trump to go even further
From Awareness to Action: A Cybersecurity Agenda for the 45th President (CSIS Cyber Policy Task Force) This report lays out specific recommendations for the next administration’s cybersecurity policy. It identifies the policies, organizational improvements, and resources needed for this. It builds on the 2009 Commission on Cybersecurity for the 44th Presidency, a foundational document for creating a strategic approach to cybersecurity. In the eight years since that report was published, there has been much activity, but despite an exponential increase in attention to cybersecurity, we are still at risk and there is much for the next administration to do
US Congressman McCaul Proposes Organizing US Cyber Defense Into Single Agency (Sputnik News) US House of Representatives Homeland Security Committee chairman said that United States should establish a major cybersecurity organization under the Department of Homeland Security in order to strengthen its cyber defense system
Trump picks former U.S. Senator Coats as director of national intelligence (Reuters) President-elect Donald Trump on Thursday picked former U.S. Senator Dan Coats as his director of national intelligence, two senior transition officials said, as he puts his stamp on a U.S. intelligence community that he frequently criticizes
A Useful Trump Intelligence Shakeup (Wall Street Journal) The White House intel shop can be shrunk and its staff improved
Special Report: Trump Vs. US Intelligence Community (BankInfo Security) Audio Report: ISMG editors analyze the latest developments
Donald Trump Casts Intelligence Aside (New York Times) What plausible reason could Donald Trump have for trying so hard to discredit America’s intelligence agencies and their finding that Russia interfered in the presidential election? Maybe he just can’t stand anyone thinking he didn’t, or couldn’t, win the presidency on his own
Are Trump And U.S. Intelligence Community Headed For A Showdown? (NPR) There's a new narrative solidifying in Washington: President-elect Donald Trump distrusts the U.S. intelligence community because it's been sounding the alarm on Russia's interference in the November election. In turn, this feeds a growing sense of dread among U.S. intelligence professionals that the president-elect and his inner circle will ignore or undermine the intelligence community at every opportunity
They could walk (Vice) U.S. intelligence officials warn agents could quit en masse if Trump keeps mocking them
Michael Rogers: 5 Fast Facts You Need to Know (Heavy) Michael Rogers, director of the National Security Agency, testified on Capitol Hill today during a hearing about Russian interference in the 2016 election
U.S. Intelligence Leaders Push Back on Trump Attacks (Newsweek) American intelligence officials on Thursday got a chance to hit back against the broad attacks Donald Trump has lobbed against them, a day ahead of their briefing with the president-elect on Russia’s interference in the 2016 election
Cyber attack may be new reason to call National Guard (Bismarck Tribune) A house committee is considering a bill to allow the governor to call in the National Guard in the case of a cyber attack
Litigation, Investigation, and Law Enforcement
U.S. Intelligence Report Due Next Week on Election Hack (Threatpost) The various branches of the U.S. intelligence community said they will next week deliver a joint report that corroborates claims that Russian intelligence attempted to influence the 2016 presidential election
Why doubts still cloud Russian hacking allegations (Christian Science Monitor Passcode) Evidence that the government has presented so far linking Russian operatives to the DNC hack is questionable, fueling skepticism and doubt about Moscow's role
FBI dispute with DNC over hacked servers may fuel doubt on Russia role (CSO) The FBI never gained access to the DNC's hacked servers, instead relying on evidence provided from CrowdStrike
Intelligence Chief Defends Finding Russia Meddled in Election (Wall Street Journal) Rejects Trump’s suggestions that the agencies’ conclusions could be faulty or false; report due out next week
Top US Intel Officials Double Down On Russian Hacking Allegations (Dark Reading) Russian nation-state had 'more than one motive' in breaches and leaks of DNC, Podesta emails, officials tell Senate committee
U.S. official says Russia undoubtedly meddled in U.S. election (Military Times) America's top intelligence official said Thursday that Russia undoubtedly interfered in America's 2016 presidential election but stopped short of using the explosive description "an act of war," telling lawmakers such a call isn't within the purview of the U.S. intelligence community
U.S. spy chief 'resolute' on Russia cyber attack, differs with Trump (Reuters) The top U.S. intelligence official said on Thursday he was "even more resolute" in his belief that Russia staged cyber attacks on Democrats during the 2016 election campaign, rebuking persistent skepticism from Republican President-elect Donald Trump about whether Moscow was involved
Spy agencies: We can’t judge impact of hacking on election (CyberScoop) U.S. intelligence agencies have no way of measuring the impact of Russian hacking on the recent election result, the nation’s top spy told senators Thursday
U.S. intercepts capture senior Russian officials celebrating Trump win (Washington Post) Senior officials in the Russian government celebrated Donald Trump’s victory over Hillary Clinton as a geopolitical win for Moscow, according to U.S. officials who said that American intelligence agencies intercepted communications in the aftermath of the election in which Russian officials congratulated themselves on the outcome
Assange’s Claims on DNC Hack Have ‘No Credibility,’ Say Intel Chiefs (Wired) As the world seeks to understand the alleged Russian hacking that rattled last year’s election, WikiLeaks founder Julian Assange threw a spanner into the investigation, saying earlier this week that Russia wasn’t the source of Democratic Party emails that his secret-spilling group published—a claim then amplified in a tweet from president-elect Donald Trump. But America’s top spies have made clear that no statement from Assange, even one backed by the next president, will sway their finding that the Kremlin is behind those political attacks
Cruz: Assange did 'enormous damage' to national security (Washington Examiner) Sen. Ted Cruz said Thursday that WikiLeaks founder Julian Assange is a threat to the United States who has already hurt U.S. national security
Former FBI SAiC Of Cybercrimes Shares Thoughts On Russian Hacking/US Response (Information Security Buzz) Leo Taddeo, CSO at Cryptzone and former FBI Special Agent in Charge of the Cybercrimes Division, spoke on NBC about the election hacks, the US response, and Trump’s claims to know more about the hacks. Below are some transcribed thoughts from the interview
Lawmakers demand answers on Rhodes' Security clearance (Washington Examiner) White House Deputy National Security Adviser Ben Rhodes has become the subject of a congressional probe into whether FBI officials declined to grant him an interim security clearance for use during President Obama's transition
How Breach Underreporting Hurts Crime-Fighting Efforts (InfoRisk Today) Dr. Muktesh Chander, Director General of Goa Police, calls for notification mandate
FTC goes after D-Link for shoddy security in routers, cameras (CSO) Security experts have been warning about the dangers with poorly secured IoT products
Unsecure routers, webcams prompt feds to sue D-Link (Ars Technica) D-Link failed to maintain confidentiality of private key used to sign its software
D-Link sued by US authorities over "easily preventable" security flaws (Computing) Selling internet-connect gear that's easily compromised? The FTC is coming for you (even if UK agencies aren't)
IoT Privacy Fears as UK Cops Look to Monitor Suspects (Infosecurity Magazine) Security experts have raised privacy concerns after a new report revealed that British police are looking to tap IoT data logs to verify alibis and help with investigations
Zero Days review: how the Pandora's box of hacking broke open (Telegraph) merican documentarist Alex Gibney - director of films about WikiLeaks, US government torture policy and Catholic church sex abuse, as well as the gripping Scientology exposé Going Clear - is no stranger to difficult, headline-grabbing subjects
Stop Gossiping in Your Work Slack (Motherboard) If you use an online chatroom service at work, make sure you keep office gossip offline to avoid unnecessary scandals in 2017. That’s a big lesson media giant Gawker learned last year when their Campfire online work chat records were revealed after Hulk Hogan sued the media outlet for publishing a sex tape of him in 2012
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
National Credit Union - Information Sharing & Analysis Organization - 2017 Tech Conference (Cape Canaveral, Florida, USA, Jan 31 - Feb 2, 2017) Join us for three days of Cyber Security topics that are pertinent to Credit Union cyber resilience, real-time security situational awareness information sharing, and coordinated response in the global credit union community! Protecting the Credit Union’s global infrastructure to sustain cyber resilience requires an unprecedented level of public- and private-sector cooperation, collaboration and coordination and includes access to the real-time availability of proactive “actionable” threat intelligence; analysis of potential impacts; coordinated countermeasure solutions and response; cybersecurity best practice adoption and role-based workforce education.
Upcoming Events
SANS Security East 2017 (New Orleans, Louisiana, USA, Jan 9 - 14, 2017) Start the year off right by choosing from outstanding, cutting-edge courses presented by our top-rated instructors. SANS is looking forward to an exciting kickoff of 2017 with SANS Security East 2017 in the "Big Easy" in January. Now is the time to improve your information security skills and laissez les bons temps rouler!
S4X17 ICS Security Conference (Miami Beach, Florida, USA, Jan 10 - 12, 2017) Three Days of advanced ICS cybersecurity on three stages with the top 500 people in ICS security. Main Stage - The big names (Richard Clarke, Renee Tarun, ...) and forward looking topics (ICS certification, machine learning, ExxonMobil project, securing IoT, industrial drones, cyber PHA, workforce development). Stage 2: Technical Deep Dives - the classic S4 sessions in gory technical detail. If you ever said you wanted more at an ICS event, this is where you get it. Sponsor Stage - the sessions on this stage alone rival what you would see at most other ICS security events. They are the same speakers you might see at other events, but they up their game for the advanced S4 crowd. Social Events - We all attend conferences as much to establish and renew relationships with our peers as to see the sessions. The people you want to meet and know in ICS cybersecurity are all at S4.
Suits and Spooks DC 2017 (Arlington, Virginia, USA, Jan 11 - 12, 2017) “What we are creating now is a monster whose influence is going to change history, provided there is any history left.” (John von Neumann) When John von Neumann said those words in 1952, he didn’t mean the Atomic bomb that he helped create as a scientist with the Manhattan Project. He was referring to his revolutionary work in high speed computing. Over sixty years later, the computer has revolutionized every aspect of our life – from currency to medicine to warfare. Our almost total reliance upon insecure software and hardware has made the world less safe, and has fundamentally changed the power equations between State and Non-State actors. Suits and Spooks 2017 will focus on identifying the world’s most valuable new technologies, who the threat actors are that are looking to acquire them, and what can be done to stop them.
Global Institute CISO Series Accelerating the Rise & Evolution of the 21st Century CISO (Scottsdale, Arizona, USA, Jan 11 - 12, 2017) These intimate workshops address the challenges that Board of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise and organizational threats. These are an intense “roll your sleeves up” thought leadership discussions on How Cyber is Driving the New Board Perspective on Enterprise Risk Management. Attendance is limited to 30 Security and Risk Executives from Global 2000 corporations. For Chief Security Information Officers, Chief Information Officers, and Chief Risk Officers, by invitation only (apply to attend).
Cybersecurity of Critical Infrastructure Summit 2017 (College Station, Texas, USA, Jan 11 - 13, 2017) An inaugural event to convene thought-leaders, experts, and strategic decision makers from government, industry, and academia to discuss the technology and policy implications of the ever-evolving cyber-threats to critical infrastructures. This summit will focus on two sectors that are among those at greatest risk, the energy and manufacturing sectors. Highlighting emerging technologies and policy initiatives, this event will foster the development of high impact strategies to address the many interrelated cybersecurity challenges we face in the protection of our nation’s critical infrastructures.
ShmooCon 2017 (Washington, DC, USA, Jan 15 - 17, 2017) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It, and Bring It On.
SANS Las Vegas 2017 (Las Vegas, Nevada, USA, Jan 23 - 28, 2017) Attend SANS Las Vegas 2017, where SANS will provide outstanding courses in IT security, forensics, and security management presented by the best cybersecurity teachers in the country. At SANS events you get the kind of hands-on, immersion training that you can put to work immediately.
BlueHat IL (Tel Aviv, Israel, Jan 24 - 25, 2017) Announcing BlueHat IL – a special edition of Microsoft's leading cyber security conference for top professionals, to be held for the very first time in Tel Aviv, Israel. Over the past 10 years, BlueHat conferences have drawn the brightest minds in security to discuss key industry challenges. And now, BlueHat IL is here to crank it up by exploring and creating new cyber security thoughts and boundaries. This exclusive, by invitation only, single track event will host top cyber security professionals from around the world, who will come together to tackle the present and peek into the future. It will feature brilliant speakers and focus on breakthrough research, key trends and emerging threats in the field. Registration closes December 28.
SANS Cyber Threat Intelligence Summit & Training 2017 (Arlington, Virginia, USA, Jan 25 - Feb 1, 2017) Join SANS at this innovative Summit as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities. Most organizations are familiar with threat intelligence, but have no real concept of how to create and produce proper intelligence. The 2017 Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and discuss directly with the experts who are doing the CTI analysis in their organizations. What you learn will help you detect and respond to all ranges of adversaries including some of the most sophisticated threats targeting your networks
Blockchain Protocol and Security Engineering (Stanford, California, USA, Jan 26 - 27, 2017) This conference will explore the use of formal methods, empirical analysis, and risk modeling to better understand security and systemic risk in blockchain protocols. The conference aims to foster multidisciplinary collaboration among practitioners and researchers in blockchain protocols, distributed systems, cryptography, computer security, and risk management.