Cyber Attacks, Threats, and Vulnerabilities
The WannaCry Ransomware Pandemic: What about ICS? And Sequelae Include the Usual Fraud. (The CyberWire) Inevitably, successful attacks have aftershocks in the form of fraudulent remediation. In this case, the WannaCrypt quake's reverberations include a wave of fraudulent mobile apps promising protection from the ransomware. Easy Solutions warns against the dangers of the adware being served up.
Recorded Future Research Concludes Chinese Ministry of State Security Behind APT3 (Recorded Future) This is the first time researchers have been able to attribute a threat actor group with a high degree of confidence to the Ministry of State Security.
Shadow Brokers teases more Windows exploits and cyberespionage data (CSO Online) A group of hackers that previously leaked alleged NSA exploits claims to have even more attack tools, as well as intelligence gathered by the agency on foreign banks and ballistic missile programs.
ShadowBrokers Planning Monthly Exploit, Data Dump Service (Threatpost) The latest rant from the ShadowBrokers ends with news of a subscription service starting in June that will leak exploits and stolen data to paying customers.
Stop Blaming the NSA for the Ransomware Attack (Defense One) An inside look at how the intelligence community deals with the exploitable software bugs it finds.
Why Governments Won’t Let Go of Secret Software Bugs (WIRED) The harder part will be determining when certain vulnerabilities, like WannaCry, are too big to keep secret.
New Cryptomining Threat Could Overshadow #WannaCry (Infosecurity Magazine) Adylkuzz uses the same NSA exploits as the infamous ransomware campaign.
Massive cryptocurrency botnet used leaked NSA exploits weeks before WCry (Ars Technica) Campaign that flew under the radar used hacked computers to mine Monero currency.
After WannaCry, UIWIX Ransomware and Monero-Mining Malware Follow Suit (TrendLabs Security Intelligence Blog) WannaCry ransomware’s outbreak during the weekend was mitigated by having its kill switch domain registered. It was only a matter of time, however, for other cybercriminals to follow suit. Case in point: the emergence of UIWIX ransomware (detected by Trend Micro as RANSOM_UIWIX.A) and two notable Trojans our sensors detected.
WannaCry Variants Pick Up Where Original Left Off (Threatpost) Exploits spreading WannaCry ransomware have surfaced after the discovery of a killswitch put a quick halt to the initial global outbreak.
WannaCry 2.0? New ransomware variant without kill switch emerges (International Business Times UK) The new harder-to-kill strain is already infecting computer systems in four countries, renewing fears of another wave of cyberattacks across the world.
#WannaCry Roars Back After Killing the Kill Switch (Infosecurity Magazine) It took about a day for bad actors to hit back after a kill switch stopped WannaCry in its tracks.
WannaCry's 'Kill Switch' May Have Been a Sandbox-Evasion Tool (Dark Reading) Massive ransomware worm attack appears to have come with a poorly planned anti-analysis feature.
WannaCry Remedies Are The Second Wave of Attacks (Easy Solutions) What we know about WannaCry, why alleged remedies are just another fraud vector, and how sophisticated the manipulation of the human factor has become.
WannaCry in retreat but ‘cyberattack game has changed’ (South China Morning Post) Malware puts weapons of mass cyber destruction in hands of everyday thugs, Chinese specialist says
The WannaCry ransomware might have a link to North Korea (CSO Online) As security researchers investigate last Friday’s massive attack from the WannaCry ransomware, they’ve noticed clues that may link it with a North Korean hacking group that has been blamed for attacking banks across the world.
In Computer Attacks, Clues Point to Frequent Culprit: North Korea (New York Times) Indicators are far from conclusive, but intelligence officials and private security experts say that North Korean-linked hackers are likely suspects in global ransomware attacks.
WannaCry: Who's behind it? Who's to blame? (Help Net Security) The attack has, by accident or on purpose, attracted the attention of the public, security researchers, law enforcement and intelligence agencies.
A Technical Analysis of WannaCry Ransomware (LogRhythm Lab) Ransomware that has been publicly named "WannaCry," “WCry” or "WanaCrypt0r" (based on strings in the binary and encrypted files) has spread to at least 74 countries as of Friday 12 May 2017. This blog addresses the technical analysis of the ransomware, mitigation, LogRhythm signatures, Network Monitor query rules, and indicators of compromise.
WannaCry Ransomware Analysis: Lateral Movement Propagation (Alcavio) Analysis of the lateral movement technique used by the WannaCry ransomware.
WannaCry? Do your own data analysis. (SANS Internet Storm Center) With endless amounts of data, technical detail, and insights on WannaCrypt/WannaCry, and even more FUD, speculation, and even downright trolling, herein is a proposal for you to do your own data-driven security analysis.
WCry ransomware worm’s Bitcoin take tops $70k as its spread continues (Ars Technica) Three wallets linked to the code take in over 250 payments so far.
Paying the WannaCry ransom will probably get you nothing. Here's why. (CSO Online) Last Friday’s massive WannaCry ransomware attack means victims around the world are facing a tough question: Should they pay the ransom? Those who do shouldn't expect a quick response -- or any response at all. Even after payment, the ransomware doesn’t automatically release your computer and decrypt your files.
The Ransomware Hackers Made Some Real Amateur Mistakes (WIRED) Researchers say the worst ransomware epidemic ever is also poorly run, shoddily coded, and barely profitable.
Top 5 Tips to Avoid the next Ransomware Attack (Panda Security Mediacenter) Panda Security has created a short list of what you should do to prevent yourself from becoming a victim of ransomware. Check it out!
How to protect against WannaCry Ransomware? (Anubis Networks) See how to protect your company against WannaCry Ransomware
Experts: WannaCry Ransomware Is Just the Beginning (SIGNAL Magazine) The crippling ransomware attack that paralyzed hospitals, universities and businesses globally was just a cyber vulnerability appetizer, experts warn.
Ransomworm: The birth of a monster (Help Net Security) The most likely way the ransomworm would infect your computer is using a method that circumvents traditional security technologies.
WannaCry: Seeing the Bigger Picture (LinkedIn) About two months ago an article of mine was published in DarkReading called “Commodity Ransomware is Here.” The takeaway? Launching a ransomware attack has practically become as easy as ordering a pizza online. WannaCry provides a case in point for commodity ransomware. There are many lessons to be learned from the attack, ranging from vulnerability disclosure, patching, retiring archaic systems, to continuity planning. We hyperventilate over each big, new attack (Target, Sony, OPM, Anthem, DNC, Dyn) but we lose sight of the bigger picture.
WannaCry ransomware worm attacks the world (SecurityInfoWatch.com) Ransomware infection has locked up more than 200K computers in over 150 countries since last week
Ransomware hits small number of U.S. critical infrastructure operators: official (Reuters) A small number of U.S. critical infrastructure operators have been affected by the global ransomware worm, but there has been no significant disruption in their work, a Department of Homeland Security official told Reuters on Monday.
Ransomware and control system cyber security (Control Global) DoS is typically accomplished by flooding the targeted machine to overload systems and prevent some or all legitimate requests from being fulfilled. However, it does not matter whether the service/system is shut down by the attacker or by the end-user in response to the attacker: the system is still shut down.
ICS Environments: Insecure by Design (Security Week) Industrial control system design flaws have a profound impact on security posture of operational networks
Chrome Browser Hack Opens Door to Credential Theft (Threatpost) Researchers at DefenseCode claim a vulnerability in Google’s Chrome browser allows hackers to steal credentials and launch SMB relay attacks.
Disney Hackers Threaten to Release Upcoming Movie: Report (Infosecurity Magazine) Rumors suggest the latest Pirates of the Caribbean blockbuster may have been stolen.
New Pirates of the Caribbean movie leaked online after hackers fail to extort money (Graham Cluley) The responsible party is known for these types of attacks…
1.9 million Bell Canada customer account details stolen, leaked (Help Net Security) The Bell Canada data theft incident includes a leak of 1.9 million email addresses and some 1,700 names and active phone numbers.
Cybercrooks fight over DDoS attack resources (CSO Online) As more groups get into the denial-of-service attack business they're starting to get in each other's way, according to a report released this morning. That translates into a smaller average attack size.
New Threat Research Shows Vietnam a Rising Force in Cyberespionage (Dark Reading) FireEye report on APT32 puts evidence together of a group attacking private and public targets for the sake of Vietnamese state interests.
The Fundamental Flaw in TCP/IP: Connecting Everything (Dark Reading) Almost 30 years after its inception, it's time to fix the engine that both fuels the modern day Internet and is the root cause of its most vexing security challenges.
Sobering Thoughts When a Connected Medical Device Is Connected to You (Security Week) I recently had reason to spend an overnight visit in the hospital. When friends and family left me late in the evening I was confronted with a subject that I had considered professionally but never had to face personally: the connected medical device.
Some Starbucks are suffering from a payment outage and giving out free coffee (TechCrunch) This morning the TechCrunch staff woke up at our Disrupt NY hotel to find out that the Starbucks in the lobby couldn't accept any payments -- meaning they..
VA warns veterans that scammers are trying to take advantage of Choice Program users (Military Times) Scammers are targeting veterans who misdial the area code for the Veterans Choice program hotline.
Security Patches, Mitigations, and Software Updates
Apple issues security updates for macOS, iDevices (Help Net Security) It's time to patch your Mac and iDevices again: Apple has released security updates for MacOS, iOS, watchOS, tvOS, iTunes, iCloud for Windows, and Safari.
Ivanti Releases Free 90-Day Patch License Following WannaCrypt Attack (PRNewswire) Best-in-industry patch management solutions released free of charge to counteract pressing global ransomware threat
Cyber Trends
After a data breach is disclosed, stock prices fall an average of 5% (Help Net Security) Data security breaches can negatively impact an entire organization, and have a significant negative impact on company finances and shareholder value.
Industry Check: Where Real Companies Stand With Threat Intelligence (Infographic) (Recorded Future) We’ve put together results from a recent survey, gathering insight from more than 200 threat intelligence professionals across an array of industries.
Majority of CEOs Knowingly Raise Risk Level With Their Shadow IT (Dark Reading) Despite the increased risk shadow IT poses to security, a majority of CEOs surveyed say they are willing to take the risk, according to a survey released today.
Study: Rooted Androids, Jailbroken iPhones Found in Enterprises (Dark Reading) A study released today gives greater insight into some of the worst fears for security pros trying to manage employees' BYOD mobile phones.
New Bay Dynamics Report Reveals Cyber Security Professionals in Vital Industries Don’t Trust What Their Tools are Telling Them (Bay Dynamics) 64% of threat alerts are not addressed daily, 52% need manual reprioritization, and 79% of cyber pros say the patching approval process is significantly manual.
How Many People Does It Take to Defend a Network? (Dark Reading) The question is hard to answer because there aren't enough cybersecurity pros to go around.
Ready, set, race to the IoT hub (Help Net Security) A single secure hub is a far better proposition than many, many unsecured devices, each of which could be an open invitation to attackers.
Marketplace
Outsourcing security: Would you turn over the keys to a third party? (CSO Online) Years ago it would have been unthinkable to give up control to securing your most valuable assets. But for some companies the risk of handing the security keys to a third party is less than the idea of facing the daily barrage of attacks.
CrowdStrike Closes $100 Million Series D Financing Round (BusinessWire) The go-to company to stop breaches exceeds $1 billion in valuation; validates AI cloud-based endpoint protection as the new standard for endpoint security
The Cybersecurity Firm That Investigated the DNC Hack Just Reached $1 Billion Valuation (Fortune) It just landed $100 million in funding.
VMware acquires mobile application performance provider Apteligent (CRN Australia) Extends cloud, end-user computing capabilities.
Cyberbit to Provide Cybersecurity Product Suite for Israel's First Secure-by-design Government Facility (PRNewswire) Cyberbit , the wholly owned subsidiary of Elbit Systems (NASDAQ: ESLT)...
Products, Services, and Solutions
Bricata Releases New Advanced Threat Hunting and Detection Capabilities (Bricata) cylance, cybersecurity, packet capture, threat hunting
Guidance Software Announces Tableau TX1 Forensic Imager (BusinessWire) Guidance Software, the gold standard in forensic security, today announced the release and availability of a new generation of Tableau Forensic Imager
Signal Sciences Debuts Web Protection Platform (eSecurity Planet) WPP is an evolution of the company's technology which is now set to grow even further thanks to a new $15M Series B round of funding.
Veeam overhauls Availability Console and beefs up AWS, Azure support (CRN Australia) Australian MSPs weigh in on security.
Army is in the market for a cyber range (C4ISRNET) The Army released a solicitation for proposals on a new cyber range.
SurfWatch Labs Extends Its Strategic and Operational Cyber Threat Intelligence to Address Heightened Risk from Expanding Digital Footprints (PRWeb) Digital Risk Monitoring capabilities include continuous visibility and intel on risks to your technology and physical infrastructure, brand(s) and third party vendors
Technologies, Techniques, and Standards
Wear Camouflage While Hunting Threats (Security Week) The practice of threat hunting is rapidly becoming a critical function for security operations teams. In fact, the practice has evolved from being used by only the most sophisticated security teams and is now becoming standard practice in most SOCs. Going out to find threats and attackers is a great complement to existing detection-based security.
DocuSign Phishing Email Detected (Crossroads Today) The Email Laundry's cyber threat intelligence backed email filters have detected a new phishing email impersonating DocuSign making its rounds. Users who have used DocuSign in the past have received an email from the company with a link that installs malware when the user clicks on it.
Design and Innovation
Deep Science AI monitors security feeds for masks and guns to quicken response times (TechCrunch) You're working late at the 7-Eleven when a guy comes through the door with a mask and a gun. You raise your hands, follow his instructions, empty the cash..
DefinedCrowd is teaching machines to better understand the complexities of language (TechCrunch) What DefinedCrowd offers isn’t particularly easy to distill into a quick elevator pitch. Taking the stage today as part of the Disrupt New York..
Research and Development
European Commission launches €5m DECODE blockchain project (Computing) Monopolisation of personal data by small number of giant firms is no longer sustainable, says Nesta director
Legislation, Policy, and Regulation
Difficulty of GDPR Advice and Buy-in Detailed (Infosecurity Magazine) The main difference in the change from Data Protection Act to the GDPR regime is that you cannot write the fines off as an operational expense.
More than Half of UK Business Owners Unaware of GDPR (Infosecurity Magazine) Firms large and small fail to identify fines associated with new legislation
Tokyo to lay out cyberattack countermeasures (Nikkei Asian Review) Options include digital retaliation when critical infrastructure is damaged
China Is Creating a DNA Database Straight Out of Science Fiction (Defense One) The Ministry of Public Security has collected the genetic information of more than 40 million people — and counting.
The Wide-Ranging Impact of New York's Cybersecurity Regulations (Dark Reading) New York's toughest regulations yet are now in effect. Here's what that means for your company.
Litigation, Investigation, and Law Enforcement
Ukraine Banned Its Biggest Social Network Over Fears of Russian Influence (Motherboard) The ban extends to over 400 companies total.
Facebook hit with maximum fine for breaking French privacy law (CSO Online) The French data protection watchdog has imposed its harshest penalty on Facebook for six breaches of French privacy law.
Thailand backs down on threat to ban Facebook (TechCrunch) The government of Thailand has backed down on a threat to ban Facebook if it did not block content deemed to be illegal in the country. The ruling military..
Trump confirms he shared intel with Russia’s foreign minister (Ars Technica) National Security Advisor: Trump didn't expose sources or methods.
White House insists Trump's disclosures 'wholly appropriate' (Defense News) The White House on Tuesday defended President Donald Trump's disclosure of classified information to senior Russian officials as "wholly appropriate," as Trump tried to beat back criticism from fellow Republicans and calm international allies increasingly wary about sharing their secrets with the new president.
McMaster calls Trump's conversation with Russian officials 'wholly appropriate' (POLITICO) But McMaster did defend the president against allegations that his conversation with Lavrov and Kislyak, whatever its focus, was out of line.
Israel Said to Be Source of Secret Intelligence Trump Gave to Russians (New York Times) The revelation adds a potential diplomatic complication to an episode that has renewed questions about how the White House handles sensitive intelligence.
McMaster: Trump didn't know where intel came from (TheHill) National security adviser H.R. McMaster on Tuesday said President Trump did not jeopardize intelligence assets by revealing highly sensitive information to Russian officials, adding that Trump did not know where the intel came from.
Besieged White House denies, defends as new bombshells hit (Military Times) President Donald Trump personally appealed to FBI Director James Comey to abandon the bureau's investigation into National Security Adviser Michael Flynn, according to notes disclosed late Tuesday that Comey wrote after the meeting. The White House issued a furious denial near the end of a tumultuous day spent beating back potentially disastrous news reports from dawn to dusk.
Comey Memo Says Trump Asked Him to End Flynn Investigation (New York Times) “I hope you can let this go,” the president told the F.B.I. director in an Oval Office meeting in February, according to a memo James B. Comey wrote.
CIA director will brief House Intel Committee Tuesday (TheHill) CIA Director Mike Pompeo is expected to brief House Intelligence Committee members on Tuesday night, in the wake of reports that President Trump disclosed highly classified information to top Russian officials.
What Happens When Intelligence Agencies Lose Faith in the President? (The Atlantic) If bureaucrats restrict the information they share with political leaders, the damage could prove deep and lasting.
The Risks of Sharing Intelligence (The Atlantic) According to recent news reports, President Trump divulged highly classified material to Russian officials, potentially endangering the U.S. relationship with the source of that information.
Former GP surgery administrator fined £790 for unlawfully accessing patient records (Computing) NHS admin Sally Anne Day given paltry fine for causing distress to two patients
Hospitals rapped for sharing 1.6m patient records with Google (Naked Security) Passing the patient records to the Google-owned company to help it build a health app was ‘inappropriate’, warns watchdog.
Family of slain DNC staffer Seth Rich blasts investigator's police obstruction claims (KMPH) A private investigator Tuesday said there is evidence to suggest slain Democratic National Committee staffer Seth Rich made contact with Wikileaks prior to his death -- sparking an onslaught of tweets from conspiracy theorists and Twitter bots who link his
FTC launches crackdown on tech support scammers (Naked Security) Scammers get away with stealing an average of $290 – don’t be their next victim. Here’s our advice on how to spot them and avoid them
Chelsea Manning, who served more prison time than any US leaker, is freed (Ars Technica) "Whatever is ahead of me is far more important than the past."