Cyber Attacks, Threats, and Vulnerabilities
The WannaCry Ransomware Pandemic: Week One and the Weeks to Come. (The CyberWire) WannaCry is closing out its first week in the wild. To summarize, China and Russia have been hardest hit, with the largest number of infections striking unpatched Windows 7 machines. Those behind the attack may have failed to make big money, certainly not nearly as big as the scope of the pandemic might suggest, but they have succeeded in large-scale business disruption, and in drawing odium toward the US National Security Agency. We wrap up this round of our coverage with a look at what WannaCry accomplished and failed to accomplish, what you can do to protect yourself, and what we might look for in the future.
WannaCry Ransomware Infection Map (Check Point Software) [A map of infections, by country.]
Oddities in WannaCry Ransomware Puzzle Cybersecurity Researchers (Reuters via US News & World Report) The WannaCry malware that spread to more than 100 countries in a few hours is throwing up several surprises for cybersecurity researchers, including how it gained its initial foothold, how it spread so fast and why the hackers are not making much money from it.
Security experts find clues to ransomware worm's lingering risks (Reuters) Two-thirds of those caught up in the past week's global ransomware attack were running Microsoft's Windows 7 operating system without the latest security updates, a survey for Reuters by security ratings firm BitSight found.
WannaCry ransomware code appears linked to suspected North Korean APT (SC Magazine US) Analysis of the WanaCrypt0r 2.0 ransomware that bedeviled enterprise across the globe this past weekend has reportedly turned up potential links to the alleged North Korean hacking institution known as the Lazarus Group.
North Korea's hacker army: A look at Hermit Kingdom's 'elite' cyber ops (Fox News) Last week’s global cyber attack has shed light on the shadowy and highly sophisticated team of cyber spies in North Korea believed to be among the best hackers in the world.
WannaCry: Ransomware Catastrophe or Failure? (Dark Reading) Using Bitcoin payments as a measure, the WannaCry attack is not nearly as profitable as the headlines suggest. But you should still patch your Windows systems and educate users.
WannaCry Ransomware Hits U.S. Critical Infrastructure (eSecurity Planet) The victims include small utilities and manufacturing sites, according to Dragos CEO Robert M. Lee.
When Dumpster Fires Make You WannaCry (ThreatConnect) Stepping back and taking stock of WannaCry lessons learned
Wanna Cry? Unpatched software is the culprit once again (CyberInt) Recent WannaCry attack is a wake-up call for organizations of all sizes. What can organizations do to avoid becoming a victim of the next ransomware attack?
WannaCry Ransomware: What We Know So Far (RSA Conference) Late in the day on Friday, May 12, a massive ransomware attack hit 200K organizations in 150 countries. The ransomware, which has been named “WannaCry,” took advantage of Windows systems that had not yet been updated with Microsoft’s March security patch. Per the ransomware playbook, this attack locked people out of their computers, encrypted files and demanded those impacted pay up to $300 in bitcoin -- a price that doubles after three days. What's worse is the malware also behaves like a worm, potentially infecting computers and servers on the same network.
How to Mitigate Damages from WannaCry Ransomware Attack (Netral News) The new WannaCry ransomware attack has infiltrated 57,000 computers in 150 countries.
A Windows XP bug makes it possible to recover files encrypted by WannaCry (Help Net Security) In an unusual turn of events, a Windows bug allows WannaCry victims that run Windows XP to decrypt the files encrypted by the ransomware.
HHS Ramps Up Cyber Threat Information Sharing (GovInfo Security) A series of email alerts from the Department of Health and Human Services about the WannaCry ransomware campaign - and a number of related daily conference calls
They predicted the 'WannaCry' ransomware cyberattack, so how come few listened? (Los Angeles Times) But did companies think the cybersecurity community was just crying wolf?
The WannaCry Legacy: How the Attack Will Shape Cybersecurity (PRNewswire) The WannaCry ransomware that has affected more than...
Expert Brooks on #Cybersecurity: Is WannaCry Ransomware Just the Warm-Up Act (High Performance Counsel) Cybersecurity. When ambulances are delayed, we take notice. The devastating WannaCry ransomware attack had massive impact in social and financial terms worldwide. But was it just a warm-up act for far worse? Is the legal sector in the cross-hairs?
Multiple Groups Have Been Exploiting ETERNALBLUE Weeks Before WannaCry (Secdo) Secdo has uncovered a new evasive attack that leaves no trace and has been infecting organizations using NSA exploits since mid-April.
Secdo Discovers Hackers Exploited NSA's ETERNALBLUE Weeks Before WannaCry Outbreak to Steal Login Credentials (MarketWired) Organizations potentially exposed to future thread-level attacks that install backdoors, exfiltrate data and steal credentials
New Cyber Attack Exploits Microsoft Bug, Generates Digital Currency (Investopedia) Another cyber attack relying on a Microsoft bug is spreading around the globe at the same time the hacking group Shadow Brokers is warning of more pain to come.
Massive Adylkuzz cyberattack underway (NewsComAu) Another large-scale, stealthy cyberattack is underway on a scale that could dwarf last week’s assault on computers worldwide.
Adylkuzz hack, called larger than WannaCry, slows computers across the globe (CBS News) Hundreds of thousands of computers around the world have been impacted by another malware attack that uses tools developed by the NSA
CryptoMining malware Adylkuzz using the same vulnerability as WannaCry (HackRead) It seems that WannaCry had a predecessor that apparently carried out attacks which involved mining the cryptocurrency Monero using the same vulnerability f
New Threats Fuel Fears of Another Global Cyberattack (Fox Business) A new fast-spreading computer attack and a hacking group's threat to release a fresh trove of stolen cyberweapons are fueling fears among businesses and security experts of another global technology assault.
Uiwix Ransomware Using EternalBlue SMB Exploit To Infect Victims (BleepingComputer) A ransomware called Uiwix has been discovered to be using the EternalBlue exploit to infect vulnerable victims. While Uiwix is still being researched, this article will provide details on what is currently known.
Ransomware fear-flinger Uiwix fails to light (Register) Stand down, folks. Back to Defcon none
China issues warning for new ransomware virus (The Star Online) China has urged Windows users to protect themselves against a new ransomware virus similar to the WannaCry bug that wreaked havoc worldwide last week.
Security firm traces ransomware origins, targets - The Nation (The Nation) A private firm’s security appraisal has found that 77 per cent of all ransomware detected targeted four industries – business and professional services, government, healthcare and retail.
Twitter is down for some users (TechCrunch) Twitter seems to be having some technical difficulties this morning, with the network going down for some folks. Down Detector's live outage map shows..
You were not alone; Twitter went down everywhere (HackRead) If you were wondering what's going on with the social media giant Twitter, then don't worry you were not alone. Reports indicated that Twitter was down in
Avast Warns of Cyber-Attacks on Routers and IoT Devices (NDTV Gadgets360.com) Avast, the company behind the leading antivirus software, warned Thursday against attacks on home appliances connected to the Internet, calling hackers targeting home routers a major threat to consumers.
Three home security systems found to be vulnerable – if hackers were hiding in bushes (Register) Pointblank weaknesses have since been patched
APT3 Threat Group a Contractor for Chinese Intelligence Agency (Dark Reading) Recorded Future says its research shows clear link between cyber threat group and China's Ministry of State Security.
Chinese Government Contractor Identified as Cyber-Espionage Group APT3 (BleepingComputer) An anonymous group known as Intrusion Truth has published evidence that links an intelligence contractor working with the Chinese government to cyber-attacks that have been carried out by a cyber-espionage group known in the infosec community as APT3.
HandBrake malware attack led to theft of Panic apps' source code (Help Net Security) Software company Panic Inc. has announced that some of the source code for their offerings has been stolen, and they are being blackmailed by the attackers.
Who's responsible for fixing SS7 security issues? (Help Net Security) SS7 security issues have come to a head: attackers were able to exploit them to empty users' bank accounts. The time to act is now, but what can be done?
What is the SS7 protocol and what are its security implications? (SearchSecurity) The SS7 protocol is under scrutiny because of its security vulnerabilities and potential privacy issues. Here's a look at the protocol and its problems.
Fraudsters Exploited Lax Security at Equifax’s TALX Payroll Division (KrebsOnSecurity) Identity thieves who specialize in tax refund fraud had big help this past tax year from Equifax, one of the nation’s largest consumer data brokers and credit bureaus.
DDOS attacks in Q1 2017 (Exploit This) Although the first quarter of 2017 was rather quiet compared to the previous reporting period, there were a few interesting developments. Despite the growing popularity of IoT botnets, Windows-base…
DDoS Attacks Are in Decline in Number and Size, Akamai Report Finds (eWEEK) According to Akamai's latest State of the Internet/Security Report, both the total number of DDoS attacks and the number of large DDoS attacks declined at the beginning of 2017.
Smartphones are a lucrative business for hackers (GulfNews) Devices are becoming the target and entry point for a wide range of risks, Lookout says
Inside Russia’s Social Media War on America (Time) On March 2, a disturbing report hit the desks of U.S. counterintelligence officials in Washington. For months, American spy hunters had scrambled to uncover details…
Facebook is losing the fight against the spread of fake news (Naked Security) How can you work out what’s true and what’s not in the torrent of stories on Facebook when the platform itself can’t reliably flag up a fake story?
Have you inadvertently joined a Trump-supporting robot army? (Naked Security) If your data was exposed in one of two recent breaches, there’s a good chance your details have been used by an army of bots to support the proposals to end net neutrality
Security Patches, Mitigations, and Software Updates
Security experts hit out at Google over refusal to patch Android security flaw exploited by ransomware (Computing) Despite WannaCry, Google won't patch security flaw present in Android since October 2015
Verizon rolling out a security update to HTC 10 (Blasting News) The carrier pushed out a security software update for its variant of the HTC 10 smartphone.
Cyber Trends
Companies keeping Bitcoin on hand in case of ransomware attacks (Graham Cluley) Companies are stockpiling Bitcoin just in case they suffer a ransomware attack and need to quickly regain access to their data.
Cyberattacks changing but on the rise: ThreatMetrix report (Bankless Times) The sheer volume of cyberattacks is more than enough proof of the need for vigilance when protecting your online financial data, a new report from ThreatMetrix suggests. The occurrence of fraud is …
SolarWinds MSP: Overconfidence in Security Damaging for Businesses (Channel Partners) The recent WannaCry ransomware attack is aptly named based on SolarWinds MSP cybersecurity survey findings.
Healthcare organizations still complacent about cybersecurity (Help Net Security) Cybersecurity within the healthcare sector has been traditionally poor, at best. Most organizations limit themselves to box ticking exercises.
Research Finds IT Professionals Lack Company Loyalty (Infosecurity Magazine) 71% of IT practitioners claimed that brand protection was not their responsibility
Business Nightmare Scenarios Detailed a Week Since WannaCry (Infosecurity Magazine) Independent computer security researcher Graham Cluley described the three main areas of concern for businesses in 2017
RSA: Quarter of UK Consumers Boycott Breached Firms (Infosecurity Magazine) Latest poll suggests consumer trust is at all-time low
Marketplace
Cyberattacks prompt massive security spending surge (Phys.org) The fight against cyberattacks has sparked exponential growth in global protection spending, with the cyber security market estimated at $120 billion this year, more than 30 times its size just over a decade ago.
Cyber security companies boosted by hack concerns (Investors Chronicle) Being the software security provider to the recently hacked NHS has not hurt Sophos (SOPH). Shares in the UK's biggest listed cyber security company rose 8 per cent on Monday, as investors speculated - with good reason - that the group's services are likely to be in greater demand after the high-profile cyber ransom attack.
WannaCry Puts These 3 Cybersecurity Stocks in the Spotlight (The Motley Fool) WannaCry reveals how vulnerable organizations are to cyberattacks. These three companies can protect from future disasters.
What You Need to Know Before Investing in Cybersecurity and 3D Printing Companies (The Motley Fool) Get the latest investor takeaways for cybersecurity, 3D printing, housing, and ... Oreos?
'Directors without cyber insurance may be personally sued' (Ynetnews) 'Israel is completely in a league of its own,' says a world expert on cyber communications, who arrived this week in Israel for an insurance conference; the president of the insurance and finance group Harel, Gideon Hamburger, spoke about the damages that could be caused to officials due to cyber attacks.
Carbon Black CEO on acquisition rumors: 'Why would you do that?' (Boston Business Journal) After $190 million in funding and several years of rapid growth, cybersecurity company Carbon Black looks poised for an IPO. But companies have been snapped up at a similar stage of growth before, and IBM Security is an active acquirer in the area.
Mobile Security Firm Wandera Raises $27 Million (Fortune) New mobile threats.
Cisco Systems, Inc. (CSCO) Stock Wipes Out on Awful Guidance (InvestorPlace) Cisco has been rising as its turnaround shows spots of brilliance, but CSCO stock hit a major speed bump Wednesday amid lousy Q4 guidance.
Symantec: Quarter Was A Lot Better Than The Headlines, WannaCry Is Another Tailwind (Seeking Alpha) Symantec reported the results of its fiscal Q4 last week. The results disappointed some investors, particularly as the shares had recently achieved an all-time
Juniper Networks: Is It Time To Buy? (Seeking Alpha) The stock price of Juniper Networks has gained 35% over the last year. The company seems to find a perfect strategy which allows exploiting core capabilities in
Governor Larry Hogan Announces Excel Maryland Initiative to Grow Life Sciences and Cyber Startups (Office of Governor Hogan) Touts Administration’s success making Maryland “Open For Business” at inaugural Governor’s Business Summit
US business delegation returns to view the Midlands’ world class cyber sector (Worcestershire LEP) Following the success of the regional cyber trade mission to Maryland last year, a US business delegation of cyber security companies will return to the Midlands between 5-9 June 2017....
Booz Allen Chosen to Help Modernize the Navy’s Tactical Networks (American Security Today) A reliable connection to communications networks can be challenging on land, and even more so at sea. The U.S. Navy’s Tactical Networks Program Office (PMW 160) is responsible for ensuring the Navy has access to secure and reliable communications networks on any platform, anywhere. To support the modernization of these Tactical Networks, the Navy’s Program …
Anomali to create 120 new jobs at Belfast R&D lab (Finextra Research) Invest Northern Ireland today announced major investments which will bolster Northern Ireland’s cyber security sector. US based cyber security firm Anomali will create 120 new jobs with the opening of its European Research and Development Labs in Belfast and the Centre for Secure Information Technologies (CSIT) will generate investment of £38.5m in research & development, which will encourage the growth of the cyber security sector here.
Verint Awarded Multimillion Dollar Government Cyber Security Project (BusinessWire) Company's Solution to Help Protect Latin American Government from Advanced Cyber
Terbium Labs Appoints New CTO and Hires Sales Leader to Support Accelerated Growth and Adoption of Dark Web Data Intelligence Platform (Sys-Con Media) Brett Davis joins Terbium Labs as Vice President of Sales responsible for driving enterprise sales of Matchlight; Chief Data Scientist Clare Gollnick promoted to CTO
Greystones Names New Chief Technology Officer (PRNewswire) Greystones Consulting Group, The D.C. based professional consulting,...
Products, Services, and Solutions
New infosec products of the week: May 19, 2017 (Help Net Security) New information security products of the week include interesting releases from CA Technologies, Delta, F-Secure, NetMotion, and SailPoint.
Clavister Selects Webroot BrightCloud® (Webroot) Webroot Provides Clavister Customers a Real-Time Solution to Detect and Block Malicious Incoming
Virginia hospitals develop new guidelines to protect against cyber threats (WTKR.com) Virginia hospitals have developed new guidelines to protect patients' information after the recent global ransomware attack that hit at least 150 countries and infected 200,000 machines.
ESET Ireland’s Top 8 Tips For Preventing ‘WannaCry’ Ransomware Attack (Information Security Buzz) On Friday, 12th of May, the world was rocked by the biggest ransomware attack in history. It started with Spain’s telecom sector, then news started coming in about British Health Service being targeted and attacks on FedEx, several Russian banks and ministries as well as many other targets in about a hundred countries across the world. The culprit? A …
Using deep learning to thwart malware - even WannaCry (diginomica) How startup Deep Instinct uses deep learning AI technology to detect undocumented malware and might have thwarted last week's WannaCry ransomware outbreak
It’s Time to Think Differently about Threat Operations (ThreatQuotient) Can you really “manage” threats? Is that even a worthwhile goal? And how do you define a threat?
60-second countdown: Stopping a cyber breach within 1 minute (SiliconANGLE) Once cyber attackers breach an enterprise, they will likely be able to compromise it in as little as 60 seconds, according to the 2016 Verizon Data Breach Report.
Dome9 Launches Channel Program to Meet Enterprise Demand for Verifiable Public Cloud Security (MarketWired) Key deal inked with Westcon-Comstor to extend Dome9's global enterprise market expansion
Fishtech To Build New Cloud Security Operations Center, The Next Step In A Managed Security Evolution (CRN) Fishtech, founded by FishNet Security founder Gary Fish, announced it is working on building a Cloud Security Operations Center, to provide purpose-built cloud security services to customers.
Technologies, Techniques, and Standards
ISA99: Developing the ISA/IEC 62443 Series of Standards on Industrial Automation and Control Systems (IACS) Security (ISA99 Committee) The ISA99 committee provides this site as a means of facilitating collaboration both within the committee and with interested stakeholders. Anyone can use the links provided on these pages to review recent committee news and monitor committee activities.
New NIST guidelines banish periodic password changes (Graham Cluley) New draft guidelines issued by NIST recommend that users should not be forced to periodically change their passwords.
Wallet Ransomware Master Keys Released on BleepingComputer. Avast Releases Free Decryptor (BleepingComputer) This morning a newly registered member posted the master decryption keys for the Wallet Ransomware in the BleepingComputer.com forums. Once these keys were determined to be valid, Avast updated their decryptor to support the .Wallet extension. Victims can now use this decryptor to decrypt their files for free.
Implementing GDPR in local government - where to prioritise (Computing) Pitney Bowes' Andy Berry gives a run-down for local authorities on what they need to do to become GDPR-compliant - before May next year
5 Things To Consider While Building Your Continuous Security Monitoring Strategy (BitSight) Having a continuous security monitoring strategy is difficult—but the five components listed in this article will give you a leg up in its creation.
Electronic warfare emerging in Army arsenal (C4ISRNET) The Army continues to evaluate and integrate electronic warfare capabilities into its tool set.
What Is A VPN - The Ultimate Beginners Guide for 2017 (vpnsrus.com) What is a VPN? We explain all you need to know about VPNs, including the pros, cons and legal implications of using them in a wide range of cases.
5 Security Lessons WannaCry Taught Us the Hard Way (Dark Reading) There is a lot more our industry should be doing to protect its systems and data from cyber blackmail.
Deconstructing the 2016 Yahoo Security Breach (Dark Reading) One good thing about disasters is that we can learn from them and avoid repeating the same mistakes. Here are five lessons that the Yahoo breach should have taught us.
Legislation, Policy, and Regulation
WannaCry: How Did the US's Non-Proliferation Failure Become a “Global” Cyber Security Threat? (The Wire) Though the devastating ransomware attack was a failure on the NSA's part, current UN cyber norms are far too weak to hold the US responsible.
Congress will consider a new Cybersecurity Bill that could shift power away from NSA (Newsweek) Proposed bill would require the NSA to inform other government agencies about security holes it finds in software.
US spies could have to disclose their hacking tools to the public under a new proposal (CNBC) It comes after the hackers behind the WannaCry cyberattack used an NSA exploit to deploy their virus.
Johnson Sponsors Bill To Enhance Cybersecurity (Wisconsin Public Radio) U.S. Sen. Ron Johnson, R-WI, co-introduced a bill with Sen. Brian Schatz, D-HI, to enhance cybersecurity in the wake of a global cyber-attack that hit 150 countries last weekend. The bill would create an intelligence review board that decides how the government goes about sharing information about software vulnerabilities.
The Equities Decision: Deciding When to Exploit or Defend (Chertoff Group Point-of-View) The whole WannaCry episode has understandably resurrected the question of NSA's role in identifying and then exploiting or patching cyber vulnerabilities.
Should spies use secret software vulnerabilities? (The Conversation) What's the best way for spy agencies to protect the public: secretly exploit software flaws to gather intelligence, or warn the world and avert malicious cyberattacks?
IronNet’s Keith Alexander: Govt-Industry Collaboration Needed to ‘De-Risk’ Security Tools (ExecutiveBiz) Retired U.S. Army Gen. Keith Alexander, president and CEO of IronNet Cybersecurity, has said the government and private sector must work together to fight cyber threats and de-risk security tools that intelligence agencies use against enemies following a ransomware attack that has affected systems worldwide, TechCrunch reported Wednesday. The former National Security Agency director talked about the global “WannaCry” attack...
Israel Defence Forces Will Not Create a Cyber Command, But Will Strengthen Military Cyber Defences (SpaceWatch Middle East) The Israel Defence Forces (IDF) has decided not to create a unified cyber command that would have placed its signals intelligence collection, offensive cyber operations, and cyber defence units under one central military organisation that would have been the equivalent of Israel’s land, sea, and air forces.
Trump’s Cyber Executive Order is More Study than Action (Roll Call) President Trump’s executive order on cybersecurity this month tracks the recommendations of a commission that urged fixes in government IT systems.
Lawmakers push Defense nominees to 'be a continued irritant' for cyber policy (FederalNewsRadio.com) Lawmakers are pushing key Defense Department nominees to begin considering how to put a comprehensive cyber policy in place.
E.U., U.S. officials meet to discuss possible carry-on laptop ban that has raised fears of air traffic disruption (Washington Post) The discussion of the possible ban came after Trump disclosed sensitive related information to Russia.
A Trump FCC advisor’s proposal for bringing free Internet to poor people (Ars Technica) Trump advisor says net neutrality hindered free data services for the poor.
Internet Providers Insist They Love Net Neutrality. Seriously? (WIRED) As the FCC starts the process of dismantling its own net neutrality protections, telecoms say not to worry. But their commitment is full of holes.
Litigation, Investigation, and Law Enforcement
Iran releases list of 9 sanctioned US firms, individuals (Mehr News Agency) Foreign Ministry has updated the list of sanctioned US firms and individuals following the recent move by Washington in imposing new sanctions on Iran for its missile program.
If Nothing Else, Robert Mueller Could Bring Clarity to Trump’s Russia Ties (WIRED) The special counsel role has a whole lot of room to work, which will hopefully clear up all the innuendo.
US, Israeli spies upset that Trump shared intel with Russia (Military Times) The United States and Israel are publicly brushing aside President Donald Trump's reported sharing of a highly classified tip from Israel with Russia, but spy professionals on both sides are frustrated and fearful about the repercussions to a critical intelligence partnership.
F.B.I. Once Warned G.O.P. Congressman That Russian Spies Were Recruiting Him (New York Times) The 2012 warning to Dana Rohrabacher, an ally of President Trump, shows that the F.B.I. has for years viewed Russian spies as having a hand in Washington.
Julian Assange: Sweden drops rape investigation (BBC News) The arrest warrant for the Wikileaks founder, holed up in Ecuador's embassy in London, is revoked.
This Guy Phished Over 50 Women Just to Violate Their Privacy (Motherboard) Sometimes, the threat may not be all that technologically sophisticated, but hackers can still grab a wealth of personal information from a victim.