The CyberWire Daily Briefing 5.15.17

Summary

By The CyberWire Staff

There is news today beyond WannaCry.

Cylance reported Friday the discovery of Baijiu malware, which abuses a popular Japanese Web hosting service, is spread by phishing. The phishbait is a subject line drawing upon sympathy for and interest in victims of a 2016 North Korean flood: “2016 North Korea Hamgyung [sic] province flood insight.” Cylance researchers say Baijiu installs an espionage toolkit using the TYPHOON downloader through some backdoors Cylance calls LIONROCK. Baijiu is evasive, and Cylance warns that "Appropriating the GeoCities’ free, high-bandwidth, civilian infrastructure also helps BAIJIU hide in plain sight, and signals a troubling new trend in attack techniques that is almost surely not restricted to Yahoo’s GeoCities."

FireEye warns of another ongoing cyberespionage effort, the activities of APT32 (a.k.a. OceanLotus). It appears to be "aligned with Vietnam's government," and its targets include Vietnamese dissidents, foreign governments, and foreign corporations.

Emmanuel Macron took office as President of France yesterday. Observers continue to mull the Twitter campaign that made an eleventh-hour push to disrupt his candidacy.

The late Osama bin Laden's son, Hamza bin Laden, competes with ISIS for jihadist mindshare. Bin Laden fils has taken to the Internet to advise those seeking martyrdom on how best to achieve it.

Ukrainian soldiers are receiving hate-SMS from an unknown but probably Russia-aligned actor exploiting vulnerabilities of 2G networks to man-in-the-middle attack.

There's a global dragnet underway against tech-support scammers. Seven men in Florida have already been collared.

The US Army integrates cyber ops into its National Training Center.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Brazil, Canada, China, European Union, France, Germany, India, Indonesia, Israel, Japan, Democratic Peoples Republic of Korea, Republic of Korea, Malaysia, New Zealand, Philippines, Russia, Singapore, South Africa, Spain, Taiwan, Ukraine, United Kingdom, United States, and and Vietnam.

On the Podcast

In today's podcast, we talk about WannaCry with our partners at the SANS Institute: Johannes Ulrich from their Internet Storm Center and the Stormcast podcast gives us the current state of the issue. We note that the SANS Internet Storm Center is usually calm and moderate. They've taken their threat level up to yellow, however, which would be the equivalent in most other people of throwing their hat on the ground, stomping on it, and yelling at the top of their lungs.

Sponsored Events

The Cyber Security Summit: Seattle (Seattle, Washington, USA, June 1, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the U.S. Dept of Justice, CenturyLink, root9B, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350)

CyberTech Fairfax (Fairfax, Virginia, USA, June 13, 2017) Cybertech Fairfax: meet tech execs, start-ups, investors & legal, media & mktg pros changing the global cyber landscape. Cybertech Fairfax is a thought-provoking conference on global cyber threats, solutions, innovations and technologies.

Selected Reading

Dateline

The WannaCry Ransomware Pandemic: Perspective, Reactions, and Prospects (The CyberWire) WannaCry ransomware hit hard late last week, and enterprises worldwide are bracing for further waves of infestation. The hitherto obscure strain of ransomware propagated in wormlike fashion against systems running older Microsoft software. It exploited the vulnerability the Shadow Brokers leaked last month as the weaponized EternalBlue tool. The rate of infection has been very high, temporarily slowed by discovery and activation of a "kill switch," but most observers expect renewed attack as the unknown controllers upgrade the malware.

WannaCry/WannaCrypt Ransomware Summary (SANS Internet Storm Center) The ransomware was first noticed on Friday and spread very quickly through many large organizations worldwide [verge]. Unlike prior ransomware, this sample used the SMBv1 “ETERNALBLUE” exploit to spread. “ETERNALBLUE” became public about a month ago when it was published as part of the Shadowbroker archive of NSA hacking tools [shadow].

Wana Decrypt0r Ransomware Using NSA Exploit Leaked by Shadow Brokers Is on a Rampage (BleepingComputer) Ransomware scum are using an SMB exploit leaked by the Shadow Brokers last month to fuel a massive ransomware outbreak that exploded online today, making victims all over the world in huge numbers.

WannaCry Ransomware: What It Is, and How to Protect Yourself (Fortune) Attacks are expected to continue. Here's how to be prepared.

Security Alert: Uiwix Ransomware Is Here and It Can Be Worse Than Wannacry (Heimdal Security) WannaCry distribution may have dropped, but the ransomware pandemic is not over.

With the Success of WannaCry, Imitations are Quickly In Development (BleepingComputer) With the successful launch of the WannaCry Ransomware last Friday, ransomware developers are being quick to release their own imitations. As of today, I found 4 different WannaCry knockoffs in various forms of development. Let's take a look at what they have to offer.

Correction: WannaCry Ransomware That Struck the Globe Isn't Back, Yet (Motherboard) The ransomware samples without the kill switch do not pose the same threat to the public

Security Alert: WannaCry Leaves Exploited Computers Vulnerable to Round Two (Heimdal Security) Preventing another ransomware outbreak becomes essential

Global ‘Wana’ Ransomware Outbreak Earned Perpetrators $26,000 So Far (KrebsOnSecurity) As thousands of organizations work to contain and clean up the mess from this week’s devastating Wana ransomware attack, the fraudsters responsible for releasing the digital contagion are no doubt counting their earnings and congratulating themselves on a job well done. But according to a review of the Bitcoin addresses hard-coded into Wana, it appears the perpetrators of what’s being called the worst ransomware outbreak ever have made little more than USD $26,000 so far from the scam.

Companies, governments brace for a second round of cyberattacks in WannaCry’s wake (TechCrunch) As the world readies to open for business on Monday, companies and governments are bracing for a second round of cyberattacks in the aftermath of Friday's..

Dealing with WannaCry on Monday morning, and the days ahead (CSO Online) It's Monday. Across the globe organizations are likely having the same conversation: What happened? What is WannaCrypt (WannaCry)? Are we exposed? What can we do? If you're in the trenches, here's a brief outline that might help you manage some of the conversations you're going to have this week.

Cyber-attack set to escalate as working week begins, experts warn (Guardian) Europol and NHS fear further disruption when workers switch on computers for first time since spread of ransomware

Latest statement on international ransomware cyber attack (National Cyber Security Centre) Since the global coordinated ransomware attack on thousands of private and public sector organisations across dozens of countries on Friday, there have been no sustained new attacks of that kind. But it is important to understand that the way these attacks work means that compromises of machines and networks that have already occurred may not yet have been detected, and that existing infections from the malware can spread within networks.

Europol: Global reach of cyber attack is unprecedented (RTE.ie) There are concerns that the global cyber attack, which has so far affected more than 200,000 victims in 150 countries, could escalate further when people return to work tomorrow.

Ransomware’s Aftershocks Feared as U.S. Warns of Complexity (New York Times) The effects of a global cyberattack could be magnified as workers return to their offices. President Trump has ordered his homeland security adviser to coordinate a response.

The Ransomware Meltdown Experts Warned About Is Here (WIRED) It’s not just British hospitals. A nasty strain of ransomware is sweeping the world.

U.K. Hospitals Hit in Widespread Ransomware Attack (KrebsOnSecurity) At least 16 hospitals in the United Kingdom are being forced to divert emergency patients today after computer systems there were infected with ransomware, a type of malicious software that encrypts a victim’s documents, images, music and other files unless the victim pays for a key to unlock them.

NHS cyber attack brought under control (Times (London)) All but six NHS trusts have returned to normal following yesterday’s extensive cyber attack which caused chaos for 48 hospitals and healthcare services around the country. Amber Rudd, the home...

WanaCrypt ransomware snatches NSA exploit, fscks over Telefónica, other orgs in Spain (Register) EternalBlue now an eternal headache

Telefonica Tells Employees to Shut Down Computers Amid Massive Ransomware Outbreak (BleepingComputer) A ransomware outbreak is wreaking havoc all over the world, but especially in Spain, where Telefonica — one of the country's biggest telecommunications companies — has fallen victim, and its IT staff is desperately telling employees to shut down computers and VPN connections in order to limit the ransomware's reach.

Lyttelton Port to suspend operations over WannaCry ransomware attack (The National Business Review) PLUS: Security expert warns WannaCry's makers have got around kill switch activation, Cert warns about phone scammers.

Global ransomware attacks prompt national 'WannaCry' alert from CyberSecurity Malaysia (Computerworld) "We are continuing to monitor the situation closely," CyberSecurity Malaysia CEO Dato' Dr Amirudin Abdul Wahab confirmed to Computerworld Malaysia.

Cyber Security Experts: Russia Disproportionately Targeted by Malware (VOA) Kaspersky Labs initially reported 45,000 attacks by Wanna Cry malware in more than 70 countries, with Moscow bearing the brunt of onslaught

Russian public institutions hit by massive cyber attack, no damage registered (New China) Dozens of Russian public institutions including the Bank of Russia said on Saturday that they have thwarted a massive cyber attack and prevented vital data loss, Russian media reported.

Ransomware attack: India issues red alert, experts warn of more trouble today (Hindustan Times) The virus may be back today as offices log back in after the weekend. Security experts warn that attackers can easily modify the malware, making it tougher to shut down.

'SA affected in global cyberattack' (EWN) Cyber security company Gold 'N Links Cyber says the malware used in the attack blocks computers until money is paid to unlock it.

Indonesia Warns of More Cyber Attack Havoc as Business Week Starts (US News & World Report) The Indonesian government said the global cyber attack that takes computer data hostage is likely to cause more havoc when offices reopen for business on Monday.

International cyber attacks put ransoms on German rail station screens (The Local (Germany)) A fast-moving wave of cyber attacks that swept the globe Friday targeted German rail operator Deutsche Bahn.

In Israel, cyber experts joined forces to help foil massive attack (The Times of Israel) Private and government professionals set up virtual war room to stave off WannaCry cyberattack, which affected over 150 countries

Netanyahu: Israel unharmed by cyber attack but 'everything could change' (Jerusalem Post) Opening Sunday's weekly cabinet meeting, PM Netanyahu stressed the importance of investing "further resources in order to protect the State of Israel."

WannaCry: the Early 2000s Called, They Want Their Worms Back (Digital Shadows) Earlier today it was revealed that the United Kingdom’s National Health Service was targeted by ransomware known as “WannaCry.” Sixteen NHS organizations were impacted by the attack, and victims have spread across the globe and will likely continue to do so. WannaCry takes advantage of SMB vulnerabilities in Windows, using the ETERNALBLUE exploit which was publicly released by the ShadowBrokers in April.

Honeypot Server Gets Infected with WannaCry Ransomware 6 Times in 90 Minutes (BleepingComputer) The WannaCry ransomware — also known as WCry, Wana Decrypt0r, WannaCrypt, and WanaCrypt0r — infected a honeypot server made to look like a vulnerable Windows computer six times in the span of 90 minutes, according to an experiment carried out by a French security researcher that goes online by the name of Benkow.

Experts: Conditions behind cyberattack may be hard to mimic (KLTV) The cyberextortion attack hitting dozens of countries spread quickly and widely thanks to an unusual confluence of factors: a known and highly dangerous security hole in Microsoft Windows,...

US Homeland Security Offers Helping Hand to Partners Hit by Massive Cyber Attack (Sputnik News) As the world has been struggling to deal with massive cyber-attack that affected thousands of computers in dozens of countries, the US Department of homeland Security issued a statement offering help to the partners affected by Ransomware.

Cylance vs. WannaCry-WanaCrypt0r 2.0 (Cylance) CylancePROTECT® fully prevents all in-the-wild examples of the malware related to WannaCry - WanaCrypt0r 2.0 and EternalBlue. Read more...

WannaCry ransomware used in widespread attacks all over the world (SecureList) Earlier today, our products detected and successfully blocked a large number of ransomware attacks around the world. In these attacks, data is encrypted with the extension “.WCRY” added to the filenames.

Huge ransomware outbreak disrupts IT systems worldwide, WannaCryptor to blame (WeLiveSecurity) Ransomware called WannaCryptor spread rapidly around the world today, encrypting files in as many as 100 countries by using the leaked NSA eternalblue SMB exploit.

Bitdefender’s next gen machine learning provides zero day protection from WannaCry ransomware attacks (Borneo Post) On May 12th, the WannaCryptor (WannaCry) ransomware family infected thousands of computers across the world. In just 24 hours, the number of infections has spiked to 185,000 …

SnoopWall Consumer Advisory: Stopping WannaCry - the Global RansomWorm Malware Epidemic (PRNewswire) SnoopWall, Inc., the global leader in breach prevention, today is...

The WannaCry Wave – The Cyber Risk Management Approach (Cytegic) The May 12th wave of global ransomware attacks using the WannaCry ransomware is another nail in the vulnerability management coffin. Attackers have exploited a known Windows vulnerabi…

'Accidental hero' halts ransomware attack and warns: this is not over (Guardian) Expert who stopped spread of attack by activating software’s ‘kill switch’ says criminals will ‘change the code and start again’

Experts discovered a kill switch to slow the spreading of the WannaCry ransomware (Security Affairs) It was a Black Friday for cyber security, organizations and critical infrastructure across at least 74 countries have been infected by the WannaCry ransomware worm, aka WanaCrypt, WannaCrypt or Wcry.

For $10.69, British Researcher Slows Global Cyberattack (Wall Street Journal) Cybercrime experts credit an unidentified British researcher with stumbling onto a “kill switch” that helped slow the spread of a computer worm victimizing the U.K.’s National Health Service and others.lalal

The need for urgent collective action to keep people safe online: Lessons from last week’s cyberattack (Microsoft on the Issues) Early Friday morning the world experienced the year’s latest cyberattack.

Microsoft’s response to widespread cyber attacks may make you WannaCry (TechCrunch) Microsoft's president and chief legal officer Brad Smith took to the company's website to give a post mortem on the lessons that need to be learned from the..

Microsoft blames US stockpiled vulnerability for ransomware attack (CSO Online) Microsoft on Sunday said a software vulnerability stolen from the U.S. National Security Agency has affected customers around the world, and described the spread of the WannaCrypt ransomware on Friday in many countries as yet another example of the problems caused by the stockpiling of vulnerabilities by governments.

2 days after WCry worm, Microsoft decries exploit stockpiling by governments (Ars Technica) Company president specifically notes role of NSA code used by Ransomware worm.

Leaked NSA tools linked to global ransomware outbreak, authorities say (Cyberscoop) Large organizations on every continent report being hit by a campaign of ransomware attacks on Friday.

An NSA-derived ransomware worm is shutting down computers worldwide (Ars Technica) Wcry uses weapons-grade exploit published by the NSA-leaking Shadow Brokers.

Leaked NSA exploit blamed for global ransomware cyberattack (RT International) A zero-day vulnerability tool, covertly exploited by US intelligence agencies and exposed by the Shadow Brokers hacking group has been blamed for the massive spread of malware that infected tens of thousands of computer systems globally.

Why the Latest Global Cyber Attack Is So Worrisome (Fortune) Renewed concerns about the U.S. National Security Agency hoarding software vulnerabilities.

A large-scale cyber attack highlights the structural dilemma of the NSA (The Economist) America's National Security Agency is torn between defending computer systems and attacking them

‘Cyber arms race would be detriment to humanity’ (RT International) The international community should come together to tackle cyberattacks rather than turning on each other, which only aids the perpetrators and may even lead to a new kind of arms race, author and historian Gerald Horne says.

Cyber Attacks, Threats, and Vulnerabilities

BAIJIU: New Malware Abuses Popular Japanese Web Hosting Service (Cylance) Baijiu takes advantage of humanitarian concern for North Korean flood victims.

Report: Hackers ‘aligned’ with Vietnam government attacked international firms and media (TechCrunch) A hacker group "aligned with Vietnamese government interests" carried out attacks on corporate companies, journalists and overseas governments over the past..

Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations (FireEye) Cyber espionage actors, now designated by FireEye as APT32 (OceanLotus Group), are carrying out intrusions into private sector companies across multiple industries and have also targeted foreign governments, dissidents, and journalists.

The Twitter Bots Who Tried to Steal France (The Daily Beast) The Macron hack and the Twitter push that amplified it struck many as eerily reminiscent of Russia’s meddling in the US election—and for good reason.

Hamza bin Laden offers ‘advice for martyrdom seekers in the West’ | FDD's Long War Journal (FDD's Long War Journal) Hamza bin Laden, the son of al Qaeda founder Osama bin Laden, has released a new message offering "advice" for "martyrdom seekers in the West."

Soldiers sent hate-SMS messages from rogue base stations (Naked Security) The culprit exploits a design feature of older 2G networks in a type of man-in-the-middle attack

Discord Phone Bot Abused for Swatting and Harassing Calls (BleepingComputer) A newly launched bot for the Discord online chat service is being abused by "attention seekers" for swat calls and for placing harassing calls, experts from Flashpoint have recently discovered.

Huge Trove Of Confidential US Medical Records Discovered On Unsecured Server Accessible To Anyone (Gizmodo) At least tens of thousands, if not millions of medical records of New York patients were until recently readily accessible online to just about anyone who...

Analysis of 500 million passwords shows what you should avoid (Help Net Security) A dump of over 550 million username and password combinations is currently being sold on underground forums, and eager crooks are all over it.

Access codes for United cockpit doors accidentally posted online (TechCrunch) United Continental Holdings alerted pilots that access codes to cockpit doors were accidentally posted on a public website by a flight attendant, reports the..

Security Patches, Mitigations, and Software Updates

WCry is so mean Microsoft issues patch for 3 unsupported Windows versions (Ars Technica) Decommissioned for years, Windows XP, 8, and Server 2003 get emergency update.

HP pushes out fix for keylogging audio driver in its laptops (Help Net Security) A number of HP laptops contain an audio driver that logs users' keystrokes and stores them in an unencrypted file on the local system.

Cyber Trends

The Future of Ransomware: Data Corruption, Exfiltration and Disruption (Infosecurity Magazine) What’s Next for Ransomware? The ransomware trends expect to see are Data Corruption, Exfiltration and Disruption.

Our race against computer viruses is endless (Times (London)) The WannaCry ransomware cyberattack of last week, which briefly crippled much of the National Health Service, may be the biggest, but it will not be the last outbreak of cybercrime. Remember your...

Key to smart cybersecurity spending: Remove redundancies and strive for unification (Help Net Security) There is no consensus about what constitutes smart cybersecurity spending without defined goals and objectives. So, what do you do? This article explains.

Marketplace

AKUA raises $3 million Series Seed Financing for IoT Supply Chain Transformation (Sys-Con Media) Venture investors see potential to disrupt supply chain management to the benefit of cargo owners

In an age of wiretaps and instant communication, this Chantilly firm looks to grow (Washington Business Journal) The lawful surveillance firm serves as the conduit between court orders, law enforcement and telecommunications firms — and its expanding overseas.

GSA partners with HackerOne for first federal civilian bug bounty (Fedscoop) The General Services Administration will be the first federal civilian agency to engage in a bug bounty program. On May 9, GSA’s Technology Transformation Service and digital team 18F awarded HackerOne to be the agency’s “Software-as-a-Service bug-reporting platform,” which will reward independent researchers for their discovery of public-facing web vulnerabilities while giving the agency time to …

Products, Services, and Solutions

VIPRE Extends Special Offer to Kaspersky Lab Customers Concerned About Their Data Security (PRNewswire) Exclusive buyback program offers six months free for new customers following U.S. intelligence leaders raising concerns about Russian company

Technologies, Techniques, and Standards

A guide on how to prevent ransomware (Help Net Security) This article details several recommendations to help you in reducing the likelihood of future infection by ransomware, or indeed any other malware.

The Pentagon’s New Algorithmic Warfare Cell Gets Its First Mission: Hunt ISIS (Defense One) Turning hours of drone video into actionable intelligence is just the start for the fast-moving machine-learning team.

Army Training In California Desert To Take On Cyber Threats (KPBS Public Media) US Army Cyber Command wants to know if it can insert experts onto the battlefield to help troops on the front line combat cyber threats.

Penetration testing essential for success in security arms race (ComputerWeekly) Demand for security testing, which should be conducted from the onset rather than as an afterthought, is growing in Australia

How CISOs can answer difficult questions from CEOs (CSO Online) A hypothetical conversation can become all too real, and hopefully you are prepared with the answers. Here is a script to help get you started.

Privacy awareness checklist for GDPR readiness (Help Net Security) Knowledge assessment surveys are the most direct way to measure what your employees know and don’t know about privacy best practices.

Research and Development

Father-son duo creates cybersecurity tool (Newsday) A collaboration between an 11-year-old East Northport boy and his IBM inventor father has given voice to cybersecurity tools using that company’s Watson artificial intelligence

Academia

IUP to offer two cybersecurity camps this summer (Indiana Gazette) After an initial and successful Cybersecurity Camp for middle and high school students and teachers at Indiana University of Pennsylvania in 2016, IUP is expanding the program to offer two free cybersecurity camps this summer at the university.

Legislation, Policy and Regulation

Brazilian Army Invests in Cyber Defense (Dialogo Americas) The Cyber Defense Command, a new Brazilian Army unit, was created to increase the nation’s security against cyberattacks.

Army beefs up cyber-defense unit as it gives up idea of unified cyber command (The Times of Israel) Military Intelligence to keep collected intel with coveted Unit 8200; IDF’s Computer Service Directorate to be charged with protection and counter-attack, officer says

“A Question of Trust”: some thoughts on the SRA’s consultation (Lexology) The decade since the enactment of the Legal Services Act 2007 (the "LSA") has seen significant regulatory reform in the legal sector, including the…

Takeaways from Trump's cybersecurity executive order (Axios) It's been in the works for a long time

SECURITY: Trump promises new 'rules of the road' for cyberspace (EnergyWire) President Trump yesterday issued an anticipated plan to defend federal agencies and critical infrastructure against potent cyberattacks from U.S. adversaries. While the marching orders for federal agencies were defined, the strategy for the rest of the country and its vital networks remains to be written.

Trump executive order draws praise from cybersecurity experts (GSN) President Donald Trump on Thursday signed a long-anticipated executive order calling for the federal government to ramp up its cybersecurity measures.

Trump’s cyber security executive order: succeeding where Obama failed? (Information Age) President Trump has signed his first cyber security executive order, with the aim of enhancing the US’s cyber defence capability

Lack of resilience led to lack of cyber strategy, says former DNI (C4ISRNET) In the quest to develop a cyber policy, several critical roadblocks lie ahead that seem to both stymie the process and might affect the ability of the U.S. to project power in cyberspace.

Sen. Ron Johnson: Policymakers must look to private sector for cyber solutions (Washington Examiner) There's "no timeline" for producing cyber bills out of the Senate.

Intelligence Professionals Describe 'Overwhelming' Threats to Homeland; Comey Firing Not Among Them (CNS News) The United States lacks a strategy and a policy on cyber-security, even though cyber attacks are "one of the top, if not the number-one threat" facing the nation, Director of National Intelligence Dan Coates told a Senate hearing on Thursday.

FBI agents group endorses Mike Rogers for FBI director (POLITICO) FBIAA President Thomas F. O’Connor said in a statement that Rogers "exemplifies the principles that should be possessed by the next FBI Director."

Clapper: US govt 'under assault' by Trump after Comey firing (Military Times) Former Director of National Intelligence James Clapper on Sunday described a U.S. government "under assault" after President Donald Trump's controversial decision to fire FBI director James Comey, as lawmakers urged the president to select a new FBI director free of any political stigma.

Litigation, Investigation, and Enforcement

Exclusive: How Russian hackers attacked the 2008 Obama campaign (Newsweek) The Kremlin continues to target former Obama officials with an intelligence-gathering effort, according to a new report.

Rod Rosenstein's letter recommending Comey be fired (BBC News) This is the letter in full by the deputy attorney general, recommending Comey be sacked.

Schumer: No FBI director until special prosecutor named (POLITICO) “To have that special prosecutor, people would breathe a sigh of relief."

Sen. Mike Lee: 'Probably inevitable' that any Trump tapes be handed over (Washington Examiner) The Utah Republican said any recordings would be subpoenaed and turned over.

Stop Thinking James Comey Keeps All His Files in a Cardboard Box (WIRED) Technology has come a long way since the Saturday Night Massacre.

Trump Keeps Acting Like He Has Something to Hide (Foreign Policy) America’s rule of law now hinges on whether the GOP still feels loyalty to the republic, not just Republicans.

Attention, liberals: Comey deserved to be fired, and the Constitution is just fine (Vox) The hyperventilation in Washington is unjustified.

US intelligence chiefs don't trust Kaspersky Lab software (Help Net Security) US intelligence chiefs are not comfortable having on their computer software created by Russian security company Kaspersky Lab.

US intelligence chiefs don't trust Kaspersky. But why? (Graham Clulely) Beware rushing to accuse Russian anti-virus of dirty tricks.

Did Kaspersky step in dog-doo? (CSO Online) How did Kaspersky find themselves in the cross hairs of the US intelligence community

Major international crackdown on tech support scams (Help Net Security) There's an international crackdown on tech support scams that trick consumers into believing their computers are infected with malware.

7 Florida Men Charged in Global Tech Support Scheme (Dark Reading) Federal fraud charges have been filed against seven men for their involvement in an international tech support scam.

8 Notorious Russian Hackers Arrested in the Past 8 Years (Dark Reading) Lesson learned by Russian cybercriminals: Don't go on vacation, it's bad for your freedom to scam.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

cybergamut Technical Tuesday: Future of System Exploitation (Elkridge, MD, USA, May 23, 2017) This talk describes recent trends in vulnerability research and system exploitation, provides case studies of systems that were compromised that were not believed to be vulnerable (or in novel ways), discusses implications and makes some predictions regarding future trends in the area. It will be presented by: Jason Syversen of Siege Technologies. He's a computer security technologist and entrepreneur with 20 years of experience in technical and leadership roles with cybersecurity, research, and development organizations.

SC Cyber 2017 Summit (Columbia, South Carolina, USA, May 23, 2017) SC Cyber, in partnership with the U.S. Chamber of Commerce and the South Carolina Chamber of Commerce, will host a cybersecurity summit that brings together top experts nationally from government, law enforcement, and the private sector to help small and mid-size business owners develop, evaluate, and strengthen cybersecurity programs. More than 300 attendees are expected, representing industry, government, military, and academia.

upcoming Events

International Conference for the Criminalization of Cyber-Terrorism (Abu Dhabi, UAE, May 15 - 16, 2017) The International Conference for the Criminalization of Cyber-Terrorism will focus on developing practical approaches to criminalise cyber-terrorism by furthering cooperation between anti-cyber-terrorism organizations and institutions. Best methods to initiate a comprehensive international legal framework that criminalizes cyber-terrorism will feature high on the event's agenda.

K(no)w Identity Conference (Washington, DC, USA, May 15 - 17, 2017) To converge identity experts from across all industries in one space, to be at the nexus of ideas and policies that will fundamentally change identity around the world. Provides business leaders, privacy and security experts, tech innovators, and senior policy makers the forum to discuss the future of identity. By utilizing the world’s best event technology, K(NO)W connects attendees digitally and physically unlike ever before.

Global Cybersecurity Innovation Summit Advancing International Collaboration (London, England, UK, May 16 - 17, 2017) SINET – London creates a forum to build and maintain international relationships required to foster vital information sharing, broad awareness and the adoption of innovative Cybersecurity technologies.

Public Sector Cyber Security Conference: Defending the Public from Cyber-Attacks (Salford, England, UK, May 17, 2017) Join us for the Public Sector Cyber Security Conference where leading experts will explain how to protect the vital services provided by central Government, local councils and the NHS. Learn how to safeguard sensitive data such as medical records and keep IT systems safe from cyber-attacks by states, criminal gangs and cyber terrorists.

PCI Security Standards Council: 2017Asia-Pacific Community Meeting (Bangkok, Thailand, May 17 - 18, 2017) Two days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment card industry or showcase a new product, you’ll find it all at the 2017 Asia-Pacific Community Meeting.

2017 Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 17 - 18, 2017) It is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. At our Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis.

Northsec Applied Security Event (Montreal, Québec, Canada, May 18 - 21, 2017) The conference will feature technical and applied workshops hosted in parallel for the most motivated attendees. Topics include application and infrastructure (pentesting, network security, software and/or hardware exploitation, web hacking, reverse engineering, malware/virii/rootkits), cryptography and obfuscation (from theoretical cryptosystems to applied cryptography exploitation, cryptocurrencies, steganography and covert communication systems), and society and ethics.

SANS Northern Virginia - Reston 2017 (Reston, Virginia, USA, May 21 - 26, 2017) This event features comprehensive hands-on technical training from some of the best instructors in the industry and includes courses that will prepare you or your technical staff for DoD 8570 and GIAC approved certification exams. Start making your plans now to attend SANS Northern Virginia - Reston 2017.

Enfuse 2017 (Las Vegas, Nevada, USA, May 22 - 25, 2017) Enfuse™ is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. Enfuse offers unsurpassed networking opportunities, hands-on training, and in-depth exploration of current topics.

2017 Cyber Investing Summit (New York, New York, USA, May 23, 2017) The 2nd Annual Cyber Investing Summit is an all-day conference focusing on investing in the $100+ billion dollar cyber security industry. Attendees will explore the financial opportunities, trends, challenges, and investment strategies available in the high growth cyber security sector. The 2016 Inaugural Cyber Investing Summit welcomed 180+ of the leading cyber professionals, technology analysts, venture capitalists, fund managers, investment advisors, government experts, and more. New this year: separate panels offered throughout the day highlighting publicly traded firms as well as privately owned entities, opportunities to meet one-on-one with corporate executives, and new panel topics (including Investment Strategies & Opportunities, M&A Landscape, Funding for Startups, Government Spending Review, Cyber Sale Lifecycle, and more). Network with investment professionals, asset managers, industry experts, financial analysts, media and more.

Citrix Synergy (Orlando, Florida, USA, May 23 - 25, 2017) Learn how to solve your IT flexibility, workforce continuity, security and networking challenges—and power your business like never before—with the workspace of the future.

CyberSmart 2017 (Fredericton, New Brunswick, Canada, May 24 - 25, 2017) As cybersecurity grows as a significant global challenge, the growing gap between Canada’s cyber workforce demand and supply offers our country both a challenge and an opportunity. CyberSmart 2017 will convene leaders from industry, academia and government to identify and discuss priorities for a Canadian cybersecurity education and workforce development strategy.

AFCEA/GMU Critical Issues in C4I Symposium (Fairfax, Virginia, USA, May 24 - 25, 2017) The AFCEA/GMU Critical Issues in C4I Symposium brings academia, industry and government together annually to address important issues in C4I technology and systems R&D. The agenda for 2017 will include: Challenges of Increasingly Autonomous Systems, The Collaborative Spectrum Grand Challenge, Spectrum Usage as a Critical Enabler for the US, Modernization of the Global C4ISR Enterprise, Breakthroughs in Military Simulation, Government Solutions to the Optics of ISR, Emerging Solutions and Challenges in SCADA/IOT, Cloud Migration and Interoperability, Modeling & Simulation to Streamline Procurement, and Secure Mobility Challenges.

SECON 2017 (Jersey City, New Jersey, USA, May 25, 2017) Social engineering impacts security. (ISC)2 New Jersey Chapter is a 501(c)(3) not-for-profit charitable organization. Our chapter’s mission is to disseminate knowledge, exchange ideas, and encourage community outreach efforts, for advancement of information security practice and awareness in our society. We also strive to provide enjoyable opportunities for professional networking and growth.

Cyber Southwest (Tucson, Arizona, USA, May 27, 2017) CSW will be dedicated to furthering the discussion on cyber education and workforce development in Arizona, healthcare cybersecurity, and technical training in areas such as threat intelligence, insider threats, and protecting critical infrastructure. CSW will focus on creating a positive, unique, and highly productive unification point to further Arizona’s developing leadership in cybersecurity. Subject Matter Experts (SMEs) will be on hand to share information on the latest cybersecurity trends, best practices, and key innovations.

SANS Atlanta 2017 (Atlanta, Georgia, USA, May 30 - June 4, 2017) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts so that you can win the battle against a wide range of cyber adversaries who want to harm your digital environment.

Cyber Security Summit: Seattle (Seattle, Washington, USA, June 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Seattle. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Seattle is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

SANS Houston 2017 (Houston, Texas, USA, June 5 - 10, 2017) At SANS Houston 2017, SANS offers hands-on, immersion-style security, security management, and pen testing training courses taught by real-world practitioners. The site of SANS Houston 2017, June 5-10, is Royal Sonesta Hotel Houston, located in the heart of the Galleria area of Uptown Houston.

Cyber Resilience Summit: Measuring and Managing Software Risk, Security and Technical Debt (Brussels, Belgium, June 6, 2017) The Consortium for IT Software Quality is bringing the Cyber Resilience Summit to Europe, to take place on 6 June 2017 in Brussels, Belgium, the vibrant heart of political Europe and headquarters of the European Commission. All are invited to attend! The theme of the Summit is “Measuring and Managing Software Risk, Security and Technical Debt.” Discussion will focus on the latest strategic thinking from innovative American and European CIOs and IT policy makers.

National Cyber Security Summit (Huntsville, Alabama, USA, June 6 - 8, 2017) The National Cyber Summit is the preeminent event for cyber training, education and workforce development aimed at protecting our nation’s infrastructure from the ever-evolving cyber threat. The summit attracts commercial and defense companies as well as healthcare, automotive and energy industries.

Infosecurity Europe 2017 (London, England, UK, June 6 - 8, 2017) Infosecurity Europe is the region's number one information security event featuring Europe's largest and most comprehensive conference programme and over 360 exhibitors showcasing the most relevant information security solutions and products to 13,500 visitors.

Cyber 8.0 Conference (Columbia, Maryland, USA, June 7, 2017) Join the Howard County Chamber of Commerce for their 8th annual cyber conference, where they will explore innovation, funding, and growth. Participants can expect riveting discussions from cyber innovators and entrepreneurs, from leading venture capitalists and financiers, and from government agencies who look to our industry base for technologies and solutions.

2017 ICIT Forum: Rise of The Machines (Washington, DC, USA, June 7, 2017) The 2017 ICIT Forum brings together over 300 cybersecurity executives from across critical infrastructure sectors to receive the latest ICIT research from our experts, share knowledge, develop strategies and identify next-generation technologies to improve their resiliency. Topics include Artificial Intelligence, IoT, Advanced Analytics, APT Profiles, Blockchain, Cloud and more!

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Ransomware pandemic. Baijiu malware. APT32 and Vietnam. Twitterbots and France's election. Info ops from al Qaeda. Hostile SMS to Ukrainian soldiers. Dragnet scoops up tech-support scammers. US Army brings cyber to NTC.