The CyberWire Daily Briefing 4.7.17

Summary

By The CyberWire Staff

As Presidents Trump and Xi meet for their first Sino-American summit, we note again the Fidelis report on "Operation TradeSecret," with the look and feel of APT10 (which in turn has the look and feel of a Chinese state-run actor). US officials worry about Chinese ambitions with respect to international trade: not only familiar IP theft, but also collection against US trade lobbyists like the National Foreign Trade Council.

A strange campaign in the wild that's being called "BrickerBot" is looking for insecure IoT devices and then bricking them—rendering them incapable of operation. Discovered by Radware in one of its honeypots, BrickerBot is baffling because its motive is unclear. Many observers suspect that it's a vigilante action conducted by a grey hat hacker who's trying to kill IoT devices before they can be herded into a botnet.

Palo Alto's Unit 42 reports on a campaign to exploit vulnerable DVRs as bots: the campaign is called "Amnesia." And ESET warns against "Sathurbot," said to contain some twenty-thousand devices.

Ransomware remains a current and enduring threat. A pediatric practice in Texas has been a victim of Dharma ransomware; the attack was swiftly contained but more than fifty-thousand patient records may have been exposed during the attack. Bleeping Computer reports that an Indian developer has been "playing around with an open source ransomware builder" on GitHub. At least one gang seems to have made $100,000 exploiting Apache Struts.

Concerns about influence operations and improper surveillance persist, in both the US and France.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, China, Egypt, European Union, France, India, Israel, Kenya, Democratic Peoples Republic of Korea, Russia, United Kingdom, and United States.

Podcast Summary

In today's podcast, we speak with Awais Rashid (from our partners at Lancaster University) on the challenges the limited interfaces of IoT devices pose for security. We'll also be speaking with a guest, Andrea Little Limbago from Endgame on the cybersecurity work she does as a social scientist, and her take on the WiCyS conference.

Special editions of the podcast are also up. See Perspectives, Pitches, and Predictions from RSA, and an overview of how artificial intelligence is being applied to security.

Cyber Attacks, Threats, and Vulnerabilities

As Trump Entertains Xi Jinping, 'Operation Tradesecret' Spy Campaign (Infosecurity Magazine) Indicators show the attackers are part of the global China-backed hacking group APT10

China-Based Threat Actor APT10 Ramps Up Cyber Espionage Activity (Dark Reading) Customers of managed security service providers, website of U.S. trade lobby group targeted in separate campaigns

US trade lobbying group attacked by suspected Chinese hackers (CSO Online) A group of what appears to be Chinese hackers infiltrated a U.S. trade-focused lobbying group as the two countries wrestle with how they treat imports of each other's goods and services.

Cyber Espionage in Advance of U.S.-China Summit? Fidelis Threat Team Investigates (BusinessWIre) Fidelis Cybersecurity published findings that Chinese threat actors associated with or sponsored by the Chinese Government targeted a prominent U.S.

BrickerBot targets insecure IoT devices - and then bricks them (Computing) 'Grey hat' hacker suspected to be behind malware that seeks out and takes down insecure connected devices

Rash of in-the-wild attacks permanently destroys poorly secured IoT devices (Ars Technica UK) Ongoing "BrickerBot" attacks might be trying to kill devices before they can join a botnet.

New Malware Deliberately Destroys Unsecured IoT Devices (Dark Reading) Motive behind BrickerBot puzzles experts who think it maybe the work of a vigilante.

New Malware Intentionally Bricks IoT Devices (BleepingComputer) A new malware strain called BrickerBot is bricking Internet of Things (IoT) devices around the world by corrupting their storage capability and reconfiguring kernel parameters.

Amnesia botnet targeting DVRs, Palo Alto report (SC Magazine US) Over a quarter of a million devices used with DVRs around the globe are susceptible to a new botnet its discoverers have dubbed Amnesia.

New IoT/Linux Malware Targets DVRs, Forms Botnet (Palo Alto Networks Blog) Unit 42 researchers have identified a new variant of the IoT/Linux botnet “Tsunami”, which we are calling “Amnesia”.

Chasing Lazarus: A Hunt for the Infamous Hackers to Prevent Large Bank Robberies (PCQuest) Kaspersky Lab has published the results of its more-than-year-long investigation into the activity of Lazarus

The North Korea worry you haven't heard of: Cyber bank robbers (McClatchy DC) The scale of North Korean hacking operations against banks and casinos is “shocking,” a report by cybersecurity giant Kaspersky Lab says. Another firm, Symantec, says a North Korean hacker group is targeting banks in 31 countries.

20,000-bots-strong Sathurbot botnet grows by compromising WordPress sites (Help Net Security) A 20,000-bots-strong botnet is probing WordPress sites, trying to compromise them and spread a backdoor downloader Trojan called Sathurbot as far and as wide as possible.

Ransomware Attack on Pediatric Practice Exposes 55,447 Patients' Information (eSecurity Planet) While the company was able to avoid falling victim to the ransomware, the attackers may have been able to access patient data.

LMAOxUS Ransomware: Another Case of Weaponized Open Source Ransomware (BleepingComputer) An Indian developer is playing around with an open source ransomware builder, which in the long run may end up causing serious problems for innocent users.

Kaspersky spots spike in targeted ransomware attack on large orgs (SC Magazine UK) Kaspersky researchers have spotted a growth in targeted ransomware attacks on large companies.

Ransomware Gang Made Over $100,000 by Exploiting Apache Struts Zero-Day (BleepingComputer) For more than a month, at least ten groups of attackers have been compromising systems running applications built with Apache Struts and installing backdoors, DDoS bots, cryptocurrency miners, or ransomware, depending if the machine is running Linux or Windows.

This Ransomware Doesn't Want Cash, It Just Wants You to Play a Japanese Video Game (Motherboard) Hit a certain score on 'Undefined Fantastic Object' to unlock your files.

Why Is Ransomware The Deadliest Of All Online Threats? (CXO Today) Now, more than ever, a recent report suggests that India ranks second in ransomware attacks, this does not come as a surprise to many, especially the industry experts, considering that the country’s current state of digital security isn’t geared up to handle the emerging threats.

Android spyware evades anti-virus detection by using DroidPlugin sandbox (Graham Cluley) The Triada family of Android spyware is using the DroidPlugin open-source sandbox to evade detection by anti-virus software installed on infected devices.

The 'Dark RAT' (Infosecurity Magazine) In March 2017, Fujitsu Cyber Threat Intelligence uncovered a newly developed remote access tool referred to by its developer as ‘Dark RAT'

Your iPhone is not infected, and you don't need a free VPN app to clean it (Help Net Security) A scammy lunge at tech-unsavvy users is being performed by a global market research company offers MyMobileSecure - an "unlimited VPN proxy".

Fake News Site Targeting Android, Windows Users with Malware Scam (HackRead) A group of hackers is performing highly sophisticated cyber-attacks against high-profile organizations of Middle East - Cyber security firms Palo Alto Networks

I’ve Somehow Become Embroiled In a Byzantine VPN Scam (Motherboard) Does not compute.

QNAP NAS devices open to remote command execution (Help Net Security) If you're using one of the many QNAP NAS devices and you haven't yet upgraded the QTS firmware to version 4.2.4, you should do so immediately.

Bank customer details found on 'dark web' by IAG (Financial Review) Any CEO who believes they have a secure digital environment is "completely oblivious" to cyber threats, says IAG's Peter Harmer

FAFSA Tool Taken Offline After Breach Report (Dark Reading) Personal data of 100,000 taxpayers compromised after IRS' students financial aid tool hacked.

Mobile apps of 7 Indian banks compromised: FireEye (The Hindu Business Line) Names of banks not disclosed; malware has capability to steal user credentials, says US-based cyber security firm

Safaricom thwarts cyber attack attempts (Citizentv.co.ke) Safaricom thwarts cyber attack attempts

Islam critic cancels tour, citing security threats (Washington Examiner) Author Ayaan Hirsi Ali has canceled her upcoming speaking tour of Australia and New Zealand, citing security concerns as well as lapses by the tour's organizers.

Security Patches, Mitigations, and Software Updates

Windows 10 Creators Update will come with clearer privacy options (Help Net Security) Two years after Microsoft released Windows 10, the company has finally revealed what data it collects from users, and announced clearer privacy options.

Cyber Trends

Embedded Systems Designers Are Creating the Internet of Dangerous Things (Design News) A surprising 28% of embedded systems designers say the products they create are capable of causing injury or death during a malfunction. This is the third year the Barr Group has delivered a disparaging report on the safety and security of embedded systems.

Security: Losses Outpace Gains (Semiconductor Engineering) Complexity, new and highly connected technology, and more valuable data are making it harder to keep out hackers.

Teaching Hospitals at Greater Data Breach Risk (Dark Reading) John Hopkins researcher studies data breaches at hospitals between 2009 and 2016.

Cybereason Commissions 2017 Threat Hunting Report (IT Business Net) Cybereason, developers of the most effective Total Endpoint Protection Platform including EDR & Next-Gen AV, today announced the results of a undefined 2017 Threat Hunting Report of top CISO's and cyber security and IT professionals.

Marketplace

Symantec - Insurers poised to disrupt cyber-security channels (New Zealand Reseller News) A series of product partnerships with cyber insurance providers locally and globally is signalling ICT security firm Symantec is preparing for what could be a major market shift.

Akamai to acquire Soasta (Digital News Asia) The acquisition is intended to give Akamai customers greater visibility into the business impact of their website and application optimisation strategies.

KeyW builds intell footprint as Sotera buy closes (Washington Technology) KeyW has closed its $235 million acquisition of Sotera as the company positions itself as the largest firm focused primarily on intelligence customers.

There's A New $2 Billion Security Company In Town: How Will McAfee Shake Up The Competitive Landscape? (CRN) Solution providers and analyts speak to CRN about the impact on rivals and the security market overall as the new McAfee makes its debut.

Yahoo And AOL Move In Together Under 'Oath,' Verizon's New Digital Arm (WABE) There's a new brand on the Internet that's taking over some old ones — or at least old in Internet years. Yahoo and AOL are now under an umbrella

General Dynamics brings NATO to the cloud (C4ISRNET) Work on this contract will be based in Belgium and performed across many of the NATO member nations.

NetCentrics wins government contract to enhance federal cybersecurity (GSN) NetCentrics Corporation, a leading provider of enterprise IT services and cybersecurity for the U.S. government, announced today the deployment of a breakthrough systems management technology for one of its government customers.

Fighting cybercrime - David and Goliath style (IT Pro Portal) BAE Systems is teaming up with Cyber London to support cyber start-ups and boost the UK's economy.

Meet 3 of our Disrupt NY Startup Spotlight companies: Duo Security, Lemonade, and Tala (TechCrunch) Disrupt NY is right around the bend, and with it comes a brand new type of content: The Startup Spotlight. Each of these companies will have a total of 15..

ASA bans Kaspersky's smutty sexting ad after receiving 70 complaints (Inquirer) Watchdog says ad 'normalised' sexting for under-18s

CRN Exclusive: Tanium Names Former Cisco Exec To Lead State, Government, Health Care And Education Push (CRN) Tanium has named former Cisco executive John Maxwell to lead its business around state and local government, health care and education, the company announced Thursday.

RedOwl Announces the Appointment of John M. Jack to Board of Directors (Yahoo! Finance) RedOwl, the leader in insider risk solutions, today announced the appointment of John M. Jack to its Board of Directors. As the former CEO of HP Fortify and current advisor and board member to a number ...

Products, Services, and Solutions

New infosec products of the week: April 7, 2017 (Help Net Security) A rules engine that adapts to changing attack patterns DataVisor announced the latest addition to its full stack analytics platform, the DataVisor Automate

BitSight Delivers First Objective Measurement of National Cybersecurity Risk (IT Briefing Net) BitSight, the Standard in Security Ratings, today announced the general availability of Sovereign Security Ratings, the first objective measurement of national cybersecurity risk.

Infoblox Delivers Elastic Secure DNS for Service Providers (Global Security Mag Online) Infoblox Inc. announced Infoblox Trinzic Flex, an elastically scalable carrier-grade virtual appliance that delivers network control, security, and automation.

Bishop Fox Tests Best Known Virtual Private Networks (VPNs) for Privacy, Performance and Ease of Use (PRNewswire) With the repeal of the Federal Communications Commission's (FCC) internet...

Microsemi and Athena Announce the TeraFire Hard Cryptographic Microprocessor for PolarFire "S Class" FPGAs, Providing Advanced Security Features (PRNewswire) Microsemi Corporation (Nasdaq: MSCC), a leading provider of semiconductor solutions differentiated by power, security, reliability and performance, and ...

DB Networks and Exabeam Announce Integration Partnership to Offer Full-Spectrum Behavioral Based Analysis of Security Threats (PRNewswire) DB Networks®, a pioneer in Artificial Intelligence (AI) based database , today announced an integration partnership with Exabeam, a provider of security intelligence ...

Sucuri Introduces New Partner Program at HostingCon 2017 (El Editor) Sucuri, the most respected website security brand in the market, is proud to announce a new partnership program for the hosting industry.

Ixia delivers end-to-end visibility for public cloud (Dataquest) Ixia, a provider of network testing, visibility, and security solutions, today announced it has further extended the reach delivered by the CloudLens Platform to the public cloud. CloudLens Public provides...

Brocade's Ruckus Wireless Business Unit Collaborates with Pelco by Schneider Electric For Enhanced Physical Security (PRNewswire) ISC West—Ruckus Wireless, a part of Brocade, today announced its...

Technologies, Techniques, and Standards

The Cyber Attack Kill Chain: Where Threat Intelligence Can Help (Recorded Future) There’s a common misconception that threat intelligence is just about catching attacks before they happen. Here’s what’s wrong with that assumption.

Building a strategic threat intelligence program (SearchNetworking) Bloggers examine strategic threat intelligence, PaaS and cloud migrations and compare the capabilities of SIEM and UEBA.

McAfee report reveals five challenges to cyber threat intelligence (ComputerWeekly) McAfee Labs’ latest report details the challenges facing threat intelligence sharing efforts and reveals growing trends in malware, ransomware, mobile malware and other threats.

Anatomy of a CVE - Anchore (Anchore) We often mention CVEs in our blogs but we usually skip over the topic, explaining that while CVE checking is important, it is just the tip of the iceberg and that you need to look deeper into the image to check configuration files, non-packaged files, software artifacts such as Ruby GEMs and Node.JS NPMs.

Can Cyber Situational Awareness Prevent the Next Black Swan Cyber Event? (Security Intelligence) Security analysts cannot predict black swan events, but they can estimate the likelihood of a damaging breach through cyber situational awareness.

Threat intelligence sharing challenges: Understand the context of cyber events (Help Net Security) The security industry faces challenges in our efforts to share threat intelligence between entities, among vendor solutions, and within vendor portfolios.

Public/private threat intelligence sharing faces roadblocks (SearchSecurity) Threat intelligence sharing between the public and private sectors face challenges in culture, according to experts and government representatives.

HackerOne CEO: The tech industry has some 'catching up to do' on software security (TechRepublic) Despite open source's promise of better security, bug bounty programs are catching fire as a way to plug security holes.

Real Hackers Reveal How to Protect Your Business From Cyber Attack (AllBusiness.com) A new report polls a group of hackers to find out what they look for when hacking into a site, and some of the answers may surprise you.

Tracking Website Defacers with HTTP Referers (SANS Internet Storm Center) In a previous diary, I explained how pictures may affect your website reputation[1]. Although a suggested recommendation was to prevent cross-linking by using the HTTP referer, this is a control that I do not implement on my personal blog, purely for research purposes. And it successfully worked!

Design and Innovation

Chrome Security Team Tackles ‘Friendly Fire’ To Keep Browser Safe (Threatpost) Justin Schuh, lead engineer of Chrome Security, said ensuring browser security for Chrome users is a balancing act juggling OEM pressures, questionable certificate authorities and quashing third-pa…

Facebook Pushes News Literacy to Combat a Crisis of Trust (WIRED) Facebook joins with the founder of Craigslist to fix a crisis of faith in the news, but questions remain about who should shoulder the blame.

Google’s fact check feature goes global and comes to Google Search (TechCrunch) We live in the age of fake news -- both the really fake news that's simply fake and the kind of news that some people like to call "fake" only because they..

Seventeen Techniques for Truth Suppression (DC Dave) Strong, credible allegations of high-level criminal activity can bring down a government. When the government lacks an effective, fact-based defense, other techniques must be employed. The success of these techniques depends heavily upon a cooperative, compliant press and a mere token opposition party.

Applying Military Protocol to Cybersecurity Best Practices (Infosecurity Magazine) The majority of protection systems rely on passwords. If a hacker manages to get hold of one via a phishing exploit the rest is history.

Research and Development

Vencore awarded DoD cellular research contract (C4ISRNET) Vencore has been awarded a $6 million Department of Defense contract for cellular communications research.

Academia

Entering Cipher-Space: Register now for the Kryptos Code-breaking Competition (Central Washington University) Sharpen your pencils and engage your brain! κρυπτοσ, or Kryptos, is the annual code-breaking contest open to any and all undergraduate students.

WGU Launches Bachelor's in Cybersecurity and Information Assurance (PRNewswire) To help meet the increasing demand for cybersecurity...

Legislation, Policy, and Regulation

Trump Hails 'Friendship' With China's Xi on First Day of Summit (Bloomberg) President Donald Trump said he forged a friendship with Chinese counterpart Xi Jinping, striking a positive tone in the early hours of the first-ever meeting between leaders of the world’s two biggest economies.

Cybersecurity Must Top Agenda as Trump Hosts Xi (The Diplomat) Trump will need to address pressing cyber threats and policies if he seeks to support American jobs and companies.

As Trump Meets China, US Worries About Beijing’s Supercomputers and Industrial Espionage (Defense One) Network breaches? NSA research director says we ain’t seen nothing yet.

Does the World Need a Geneva Convention for Cyber Warfare? (Techworld) Unlike conventional conflict, there are no rules of play for cyber attacks - is it time countries started talking about this nascent form of warfare?

MEPs Vote for Full Review of Privacy Shield (Infosecurity Magazine) MEPs Vote for Full Review of Privacy Shield. Fears for agreement as European Commission set to investigate

Mixed messages in corporate governance code decrypts (Financial Times) How cryptanalysts might interpret industry responses to MPs’ proposals

Pentagon tech advisers target how the military digests data (Defense News) Technology advisory group says DoD needs to store data in new ways.

Chiefs: DOD cyber will suffer under a continuing resolution -- FCW (FCW) In the DOD, cyber, modernization, training, recruiting and readiness will all take a hit if Congress passes another continuing resolution rather than a full budget, say the Joint Chiefs of Staff.

Democrats Intro New Legislation to Restore FCC Privacy Rules (Infosecurity Magazine) Democrats Intro New Legislation to Restore FCC Privacy Rules. State legislatures also move to enact privacy-enhancing laws

FBI Considers Cyber Uni to Attract Coding Experts (Infosecurity Magazine) FBI Considers Cyber Uni to Attract Coding Experts. Bureau’s strict vetting isn’t helping recruitment efforts

Comey may relax FBI admissions for hacker recruits (New York Post) Aspiring federal agents who can hack a computer with ease but can’t shoot their way out of a paper bag could soon find the FBI to be more welcoming. In a series of recent…

Litigation, Investigation, and Law Enforcement

Suspect in metro attack ‘was duped’ (Times (London)) The bomb being carried by a former sushi chef on the St Petersburg Metro may have been detonated remotely without his consent, a source close to the investigation has said. Akbarzhon Dzhalilov, 22...

Russia Investigation Must Also Probe Surveillance Leaks (Bloomberg View) It's good that Nunes recused himself, but he's right that leaking details of NSA wiretaps is a serious issue.

Why it’s always ‘Russia wot dunnit’ (Spiked) Blaming Russia is a ‘get out of jail free’ card for struggling political elites.

Was Obama’s White House Politicizing Intelligence To Affect 2016? (The Federalist) The truth is that all 17 U.S. intelligence agencies did not conclude that Russia tried to interfere in the election or help Trump win. Not even close.

A Brief Timeline of Devin Nunes’ Odd White House Ties (WIRED) The House Intelligence Committee chair has had himself quite a week.

Analysis | President Trump’s claim, without evidence, that Susan Rice may have committed a crime (Washington Post) We answer key questions from readers, including whether a crime could have been committed.

Fillon vows revenge over sleaze scandal (Times (London)) François Fillon, the French centre-right election candidate, has accused President Hollande of enlisting 20 police officers to dig up dirt on him. Mr Fillon, 63, whose campaign has been damaged by...

«Scandale d'Etat» : Fillon accuse Hollande d'avoir organisé les fuites sur ses affaires (RT en Français) Lors de l'Emission Politique sur France 2, le candidat de droite a exigé une enquête concernant des révélations présumées qui mettraient en cause le chef de l'Etat. Il estime notamment que ce dernier a aidé à faire sortir des documents l'incriminant.

Twitter suing Homeland Security suggests some of those alt Twitter accounts were real after all (TechCrunch) New legal documents show that Twitter is taking the Department of Homeland Security to court to protect the true identity of an account that claims to be run..

Twitter balks at US demand to expose account condemning Trump policy (Ars Technica) Feds cited incorrect law and did not get a judge's signature for account data.

Homeland Security Will Continue to Search Electronic Devices at U.S. Airports (Skift) The Department of Homeland Security will continue searching the mobile phones and electronic devices of travelers at U.S. airports, the agency’s leader said...

Self-Proclaimed ‘Nuclear Bot’ Author Weighs U.S. Job Offer (KrebsOnSecurity) The author of a banking Trojan called Nuclear Bot — a teenager living in France — recently released the source code for his creation just months after the malware began showing up for sale in cybercrime forums. Now the young man’s father is trying to convince him not to act on a job offer in the United States, fearing it may be a trap set by law enforcement agents.

Navy says Iowa State cadets put inappropriate photos online (Navy Times) Members of a military officer training program at Iowa State University posted explicit photos on a Facebook page, an incident the Navy said Thursday was inappropriate and prompted corrective actions.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Newly Noted Events

(ISC)2 Cyber Security Congress 2017 (Calgary, Alberta, Canada, Apr 26, 2017) The aim of the Cyber Security Congress 2017 is to strengthen cyber security leaders by arming them with the knowledge, tools, and expertise to protect their organizations. In April, 2017 over 150 like-minded professionals will gather for the 1-day congress in Calgary, Alberta, Canada where cyber security experts and industry leaders will share their knowledge, experience and best practices through presentations and interactive panel discussions.

K(no)w Identity Conference (Washington, DC, USA, May 15 - 17, 2017) To converge identity experts from across all industries in one space, to be at the nexus of ideas and policies that will fundamentally change identity around the world. Provides business leaders, privacy and security experts, tech innovators, and senior policy makers the forum to discuss the future of identity. By utilizing the world’s best event technology, K(NO)W connects attendees digitally and physically unlike ever before.

RSAC Unplugged (London, England, UK, Jun 8, 2017) Informal, up close and personal, intimate…that’s RSAC Unplugged. Ignore the background noise and focus on what’s important in information security right now as part of a one-day program focused on excellent content. Raw and uncut, it’s the best of RSA Conference in a single day.

RSA Conference 2017 Asia Pacific & Japan (Singapore, Jul 26 - 28, 2017) RSA Conference 2017 Asia Pacific & Japan is the leading information security event in the region. Join us for three days of high quality education, engaging content and valuable networking. Get exposure to innovative technologies and leadership that will help secure your organization and your future.

RSA Conference 2017 Abu Dhabi (Abu Dhabi, UAE, Nov 7 - 8, 2017) RSA Conference 2017 Abu Dhabi is the leading information security event in the region. This year's Conference will take place 7 to 8 November at the Emirates Palace in Abu Dhabi. Join us for two days of engaging sessions and intense networking. Get exposure to innovative technologies and leadership that will help secure your organization and your future.

Upcoming Events

SANS 2017 (Orlando, Florida, USA, Apr 7 - 14, 2017) Success in information security requires making a commitment to a career of learning, from the fundamentals to advanced techniques. To put you firmly on that learning path, join us at SANS 2017 in Orlando, Florida from April 7-14. This event features over 40 different cutting-edge courses taught by top industry professionals who will provide you with the best available information and software security training. SANS 2017 also features numerous opportunities to learn new skills, techniques, and trends at the SANS@Night talks, Vendor Expo, and Lunch-and-Learn sessions. You will hear about the latest and most important issues in talks led by SANS practitioners who are leading the global conversation on cybersecurity.

Unprecedented Counterintelligence Threats: Protecting People, Information and Assets in the 21st Century. (Arlington, Virginia, USA, Apr 10, 2017) This full day symposium will provide insights into evolving threats to the nations security and identify effective ways of addressing them. Highlights Include: A keynote address from National Counterintelligence Executive (NCIX) Bill Evanina. The presentation of a new paper from INSA’s Security Policy Reform Council, “Assessing the Mind of the Malicious Insider,” which discusses the psychological traits and stressors that lead to malicious behavior and identifies continuous evaluation methodologies that can provide early warning of destructive acts. A review of best practices in implementing insider threat programs in the public and private sectors. An assessment of the risks to key supply chains and the prospects of delivering goods uncompromised. A discussion of the greatly overlooked long-term impacts of the 2015 theft of OPM personnel data.

Hack In the Box Security Conference (Amsterdam, the Netherlands, Apr 10 - 14, 2017) Back again at the NH Grand Krasnapolsky, HITB2017AMS takes place from the 10th till 14th of April 2017 and features a new set of 2 and 3-day technical trainings followed by a 2-day conference with a Capture the Flag competition, technology exhibition with hackerspaces, lock picking villages and hardware related exhibits plus a free-to-attend track of 30 and 60 minute talks!

cybergamut Technical Tuesday – 18 April 2017 – Operationalizing Deception for Advanced Breach Detection by Joe Carson of TrapX Security (Elkridge, Maryland, USA, Apr 18, 2017) Organizations continue to struggle with visibility of lateral movement inside their networks. When prevention technologies fail to stop the initial breach, an independent network based technology is needed to provide this visibility. Operationalizing deception as part of an organization’s overall cyber defense provides exemplary early breach detection when preventative controls fail. It is a well-known adage that the defender must be right 100% of the time and the attacker must be right only once. When deception is deployed throughout an organization, now the attacker must be right 100% of the time. This session will discuss the different aspects of deception, and how they are applied. It will show the value of establishing a deception strategy that approaches it holistically. The event will be available at Elkridge and Calverton, Maryland, Middletown, New Jersey, and other cybergamut nodes.

Cyber Warrior Women: Blazing the Trail (Catonsville, Maryland, USA, Apr 19, 2017) Join the Cybersecurity Association of Maryland, Inc. (CAMI), in partnership with The CyberWire, Fort Meade Alliance, and presenting sponsor Exelon Corporation, for "Cyber Warrior Women: Blazing the Trail." This special program is designed to spotlight some of Maryland’s diverse and dynamic female cybersecurity professionals with stories of triumph and tribulation, advice and inspiration. Can't join us in person? Host a viewing party with your colleagues or fellow students, or tune in individually.

ISSA CISO Executive Forum: Information Security, Privacy and Legal Collaboration (Washington, DC, USA, Apr 20 - 21, 2017) Information Security, Privacy and Legal programs must be closely aligned to be successful in today’s world. Customer and vendor contracts require strong security language. Privacy has moved to the forefront of a global stage. Response to data breaches are often coordinated through Legal departments to protect privilege. Increasing global regulations drives change to Information Security and Privacy practices. Join your Information Security, Legal and Privacy leadership peers to discuss timely issues in these areas.

International Conference on Cyber Engagement 2017 (Washington, DC, USA, Apr 24, 2017) Georgetown University's seventh annual International Conference on Cyber Engagement promotes dialogue among policymakers, academics, and key industry stakeholders from across the globe, and explores the worldwide community’s increasing interconnectivity in this domain.Drawing on the experience of government practitioners, industry representatives and academic scholars, this event brings a multidisciplinary and international approach to the challenges in cyberspace from technical, corporate, legal, and policy perspectives in both the United States domestic and international realms – with several topics targeting private sector interests.

SANS Baltimore Spring 2017 (Baltimore, Maryland, USA, Apr 24 - 29, 2017) SANS Institute, the global leader in information security training, today announced the course line-up for SANS Baltimore Spring 2017 taking place April 24 – 29. All courses offered at SANS Baltimore are open to civilians and veterans. Included among the course line-up are several master's degree and graduate certificate courses that are eligible for GI Bill benefits through the SANS Technology Institute graduate school.

Defence Information 2017 (Cranfield, England, UK, Apr 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and Support. Our DI’17 Event examines some of the ‘people, process and technology’ issues critical to Team Defence being able to adopt, embed and exploit new (and often disruptive) Information and Communications Technology (ICT) capabilities and associated new ways of working - to productive effect.

Crimestoppers Conference (Eden Project, Bodelva, St Austell , Apr 27, 2017) Crimestoppers is organising a major one-day conference designed to help local businesses shore up their online security. A range of expert speakers will pinpoint typical cyber pitfalls to avoid. 80% of cyber crime is preventable and just a few key security steps can help avoid damaging your business reputation and finances

Atlantic Security Conference (Halifax, Nova Scotia, Canada, Apr 27 - 28, 2017) Atlantic Canada's non-profit, annual information security conference. AtlSecCon, the first security conference in Eastern Canada focusing on bringing some of the worlds brightest and darkest minds together with one common goal – to expand the pool of IT Security knowledge beyond its typical confines. AtlSecCon provides an unmatched opportunity for IT Professionals and Managers to collaborate with their peers and learn from their mentors.

SANS Automotive Cybersecurity Summit 2017 (Detroit, Michigan, USA, May 1 - 8, 2017) SANS will hold its inaugural Automotive Cybersecurity Summit to address the specific issues and challenges around securing automotive organizations and their products. Join us for a comprehensive look at automotive assembly, industry suppliers, embedded systems, and safeguarding extended customer and product data. The Summit will include two-days of in-depth presentations from top security experts and seasoned practitioners, hands-on learning exercises, and exclusive networking opportunities.

cybergamut Tech Tuesday: Distributed Responder ARP: Using SDN to Re-Engineer ARP from within the Network (Elkridge, Maryland, USA, and online at various local nodes, May 2, 2017) We present the architecture and initial implementation of distributed responder ARP (DR-ARP), a software defined networking (SDN) enabled enhancement of the standard address resolution protocol (ARP) intended to improve network security and performance by exerting much greater control over how ARP traffic flows through the network as well as over what actually delivers the ARP service. Presented by Mark Alan Matties, PhD of The Johns Hopkins University Applied Physics Lab.

Cyber Security Summit in Dallas (Dallas, Texas, USA, May 5, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from Proofpoint, CenturyLink, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350)

OWASP Annual AppSec EU Security Conference (Belfast, UK, May 8 - 12, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative sessions, and great social experiences. During the pre-conference (Monday 8th - Wednesday 10th May 2017) there is the opportunity to attend one of the many trainings courses on offer from industry experts, plus project summits and outreach sessions to the future pioneers of the application security industry. The main conference (Thursday 11th & Friday 12th May) offers four full tracks of talks, for pentesters and ethical hackers, developers and security engineers, DevOps practices and GRC/risk level talks for managers and CISOs.

SANS Security West 2017 (San Diego, California, USA, May 9 - 18, 2017) Cybersecurity skills and knowledge are in high demand. Cyber attacks and data breaches are more frequent and sophisticated, and organizations are grappling with how to best defend themselves. As a result, cybersecurity is more vital to the growth of your organization than ever before. Now is the perfect time to take the next step to protect your organization and advance your career. Join us at SANS Security West 2017 (May 9-18) to gain the skills and knowledge needed to help your organization succeed. Choose from over 30 information security courses taught by SANS’ world-class instructors. At SANS Security West 2017, you will get the best hands-on, immersion training and learn what it takes to stop cyber threats.

OWASP AppSec EU (Belfast, Northern Ireland, UK, May 12 - 18, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative sessions, and great social experiences. During the pre-conference (Monday 8th - Wednesday 10th May 2017) there is the opportunity to attend one of the many trainings courses on offer from industry experts, plus project summits and outreach sessions to the future pioneers of the application security industry. The main conference offers four full tracks of talks, for pentesters and ethical hackers, developers and security engineers, DevOps practices and GRC/risk level talks for managers and CISOs.

EnergySec Security Education Week (Austin, Texas, USA, May 14 - 19, 2017) The Energy Sector Security Consortium, Inc.'s Security Education Week is designed for early to mid career cybersecurity professionals currently employed at electric utilities in North America. Students will receive technical instruction on various topics including threat hunting, network packet analysis, and security assessments. Sessions will also cover operational technology used in the electric sector, and instructional workshops from industry vendors. Students will also participate in facility tours hosted by the Lower Colorado River Authority (LCRA), and evening activities designed to build relationships within industry and strengthen the community of cybersecurity professionals.

Global Cybersecurity Innovation Summit Advancing International Collaboration (London, England, UK, May 16 - 17, 2017) SINET – London creates a forum to build and maintain international relationships required to foster vital information sharing, broad awareness and the adoption of innovative Cybersecurity technologies.

Public Sector Cyber Security Conference: Defending the Public from Cyber-Attacks (Salford, England, UK, May 17, 2017) Join us for the Public Sector Cyber Security Conference where leading experts will explain how to protect the vital services provided by central Government, local councils and the NHS. Learn how to safeguard sensitive data such as medical records and keep IT systems safe from cyber-attacks by states, criminal gangs and cyber terrorists.

PCI Security Standards Council: 2017Asia-Pacific Community Meeting (Bangkok, Thailand, May 17 - 18, 2017) Two days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment card industry or showcase a new product, you’ll find it all at the 2017 Asia-Pacific Community Meeting.

2017 Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 17 - 18, 2017) It is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. At our Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis.

Northsec Applied Security Event (Montreal, Québec, Canada, May 18 - 21, 2017) The conference will feature technical and applied workshops hosted in parallel for the most motivated attendees. Topics include application and infrastructure (pentesting, network security, software and/or hardware exploitation, web hacking, reverse engineering, malware/virii/rootkits), cryptography and obfuscation (from theoretical cryptosystems to applied cryptography exploitation, cryptocurrencies, steganography and covert communication systems), and society and ethics.

SANS Northern Virginia - Reston 2017 (Reston, Virginia, USA, May 21 - 26, 2017) This event features comprehensive hands-on technical training from some of the best instructors in the industry and includes courses that will prepare you or your technical staff for DoD 8570 and GIAC approved certification exams. Start making your plans now to attend SANS Northern Virginia - Reston 2017.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.

Operation TradeSecret and Sino-US relations in cyberspace. BrickerBot may be a vigilante's work. Amnesia bot herds DVRs. Sathurbot attacks vulnerable WordPress sites. Ransomware threat endures. Surveillance and influence operations.