Each week the CyberWire’s Hacking Humans podcast looks behind the social engineering scams, phishing schemes, and criminal exploits that make headlines and take a heavy toll on organizations around the world. We talk to social engineering experts, security pros, cognitive scientists, and those practiced in the arts of deception (perhaps even a magician or two). We also hear from people targeted by social engineering attacks and learn from their experiences. Trust us: check out the first episode and subscribe today. The second episode will arrive Thursday. (Thanks to KnowBe4, our sponsors for season 1.)
Summit draws cyberspies. DPRK IT sanction evasion. Influence ops. Keyloggers. Bitfinex DDoSed. iCloud warrant. Facebook shares.
The US-North Korean summit, still on for June 12th, approaches. According to FireEye, interest by other powers—notably Russia and China—in the meetings is said to have prompted an increase in cyberespionage targeting South Korea.
The meetings may not address cybersecurity to any extent. Advisors and various policy mavens are recommending that President Trump concentrate on nuclear affairs, leaving cybersecurity for another time.
Where does North Korea get the hardware and software it needs to operate online, particularly the tools its elite needs to use the Internet? Recorded Future concludes that they get it mostly from the US, but in roundabout ways, using spoofed identities or third-party cutouts. This part of its sanctions regime may be more porous than the US Government would like.
Concerns about Russian election meddling persist, in the US and elsewhere. These concerns generally come down to fear of influence operations, and of amplified "divisive narratives" as opposed to direct disinformation. There are secondary concerns of course about voting integrity; Synack, for one, is offering US state election officials free penetration testing.
Lastline finds at least three sophisticated keylogger variants currently targeting financial institutions.
Cryptocurrency exchange Bitfinex is back online after sustaining a denial-of-service attack.
Former Trump campaign manager Paul Manafort faces additional charges based on evidence the FBI collected under a warrant for his iCloud account.
Microsoft had to outbid Google to buy GitHub.
Facebook allowed at least four Chinese firms, including usual suspects Huawei and ZTE, to access its data. Senators want explanations.
Today's issue includes events affecting Australia, Canada, China, European Union, Germany, Iran, Italy, Democratic Peoples Republic of Korea, Mexico, Russia, Spain, United Kingdom, United States, and and Venezuela.
Insider threat incidents come with a hefty price tag, according to the “2018 Cost of Insider Threats: Global Organizations” report released by independent research group, The Ponemon Institute. Make sure that you understand the full context (and cost) of these threats by downloading the full report. Get your copy today.