The CyberWire Daily Briefing 8.28.18

Summary

By The CyberWire Staff

Yesterday Twitter suspended four-hundred-eighty-eight more accounts, this time for "sharing divisive social commentary" and "coordinated manipulation" as opposed to the "inauthenticity" Facebook stressed last week. Almost a hundred of the newly suspended Twitter accounts claimed to be located in the US; many of those were less than a year old.

Google warned US Senator Toomey (Republican of Pennsylvania) that his staff had been subjected to apparently unsuccessful spearphishing attacks. The accounts targeted were dormant, left over from the 2016 campaign. Unease over election hacking and influence operations persists in US political circles, where Defcon hacking demos are being taken seriously.

The Bank of Spain has experienced intermittent distributed denial-of-service attacks since Sunday, but says its services haven't been disrupted, so the attacks remain at a nuisance level.

Australia's newly formed government won't have a dedicated cybersecurity ministry. Instead, Home Affairs Minister Peter Dutton will assume responsibility for cybersecurity and critical infrastructure protection.

Switzerland has closed its investigation into a 2014 cyberespionage incident defense firm Ruag. The results were inconclusive: no perpetrator could be identified with confidence. Russia had been suspected, and Swiss authorities did say they believed it unlikely any actor other than a nation-state could have carried out the attack, but it wasn't possible to attribute the incident to any particular government.

Some members of the US House of Representatives are pressing for reform of the Common Vulnerabilities and Exposures database. The Department of Homeland Security has become increasingly unable to keep pace with rising demands for vulnerability information.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Austria, Bosnia, European Union, Germany, Iraq, Ireland, Myanmar, Russia, Spain, Syria, United Kingdom, and United States.

Find out what solutions are emerging, peaking and working for cyber risk managers.

In this recently-released report, Gartner Research analysts apply their “hype cycle” framework to describe the related services, software platforms, applications, methods and tools that organizations can use to develop programs to withstand risk events or take advantage of risk-related opportunities. Read the Gartner report, “Hype Cycle for Risk Management, 2018” courtesy of Coalfire.

On the Podcast

In today's podcast, we speak with Justin Harvey, from our partners at Accenture, who offers details from their mid-year cyber Threatscape report. Our guest is Sean Tierney from Infoblox with their shadow IoT report.

And Recorded Future's podcast, produced in cooperation with the CyberWire, is also up. This episode discusses a European view of cybersecurity.

Sponsored Events

IR18: Don’t Forget to Register for the first and only community-driven IR conference! Built by the community, for the community. (Arlington, Virginia, United States, September 5 - 6, 2018) IR18 is a conference for cybersecurity professionals to learn and develop playbooks to improve incident response processes. Receive 20+ hours of practical training on today’s best practices in IR topics, including 36 breakout sessions designed for all levels of experience.

Rapid Prototyping Event: The Chameleon and the Snake (Columbia, Maryland, United States, September 17 - 20, 2018) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Protoyping Event that specifically targets malware signature diversity and signature measurement for Microsoft Windows in a simulated operational environment at a realistic pace. Join us September 17-20, 2018 at UMBC Training Center in Columbia, MD.

Wombat Wisdom Conference, September 18 to 20, 2018, Pittsburgh, PA (Pittsburgh, Pennsylvania, United States, September 18 - 20, 2018) Gain expert insights for strengthening your security awareness program at the Wombat Wisdom Conference, Sept. 18-20, 2018. Ideal for CISOs and infosec professionals looking to share ideas and actionable concepts for improving security awareness and training.

The force is stronger when MSPs and MSSPs come together. (Webinar, September 19, 2018) The managed service market has grown tremendously, with the demand for managed security being unprecedented. For managed service providers (MSPs) looking to answer those demands, partnering with a managed security services provider (MSSP) expands access to highly-skilled cyber security analysts and a full suite of security solutions. Join Delta Risk’s webinar, September 19 at 1 PM ET, to learn how the two sides can join forces.

5th Annual Cyber Security Conference for Executives (Baltimore, Maryland, United States, October 2, 2018) The 5th Annual Cyber Security Conference for Executives, hosted this year by The Johns Hopkins University Information Security Institute and Ankura, will be held on Tuesday, October 2nd, in Baltimore, Maryland. This year’s theme is cybersecurity compliance and regulatory trends, and the conference will feature discussions with thought leaders across a variety of sectors. Join the discussion and learn about current and emerging cyber security threats to organizations, and how executives can better protect their enterprises. To receive the early-bird rate, register now!

Dragos Industrial Security Conference (DISC) 11/5/18 (Hanover, Maryland, United States, November 5, 2018) Reserve your spot now for the Dragos Industrial Security Conference (DISC) on November 5th, 2018. DISC is a free, annual event for our customers, partners, and those from the ICS asset community. Visit https://dragos.com/disc/ for more information.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Twitter suspends more accounts for “engaging in coordinated manipulation” (TechCrunch) Following last week’s suspension of 284 accounts for “engaging in coordinated manipulation,” Twitter announced today that it’s kicked an additional 486 accounts off the platform for the same reason, bringing the total to 770 accounts. While many of the accounts removed last week appeared to origina…

Bound to Fail: Transnational Jihadism and the Aggregation Problem (War on the Rocks) On Aug. 22, ISIL’s leader Abu Bakr al-Baghdadi issued his first message to his followers in nearly a year, calling on them to carry out lone-wolf attacks

Google Tells Toomey Hackers Tried to Infiltrate Staff Email (SecurityWeek) Google alerted U.S. Sen. Pat Toomey's office that hackers with ties to a "nation-state" sent phishing emails to old campaign email accounts.

Vulnerability Note VU#906424 - Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the ALPC interface (US-CERT) Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface, which can allow a local user to obtain SYSTEM privileges.

AT Command Hitch Leaves Android Phones Open to Attack (Threatpost) Researchers used AT commands to rewrite device firmware, bypass Android security mechanisms, exfiltrate sensitive device information, and unlock screens.

Bank of Spain's website hit by cyber attack (Reuters) The Bank of Spain's website has been hit since Sunday by a cyber attack which has temporarily disrupted access to the site, a spokesman for the central bank said on Monday.

The Dark Side of APIs: Denial of Service Attacks (Akamai) In this blog post, we will discuss different Denial of Service (DoS) attacks that may negatively impact your API services, as well as mitigations offered by Kona Site...

BEC Detections Soar 80% (Infosecurity Magazine) Mimecast spots 41,000 attacks missed by others

The dangerous power of the clickbait king (UnHerd) The text message had read, simply, “noon”. I wait in nervous silence, as noon came and passed. Another hour trickled by and eventually a man wearing a thin smile steps through the cloud of hot white dust that billowed under the enormous canopies of Radio Café, Pristina, Kosovo. The young man’s name is Burim, and …

Cyber Trends

How Social Media Became The Locus Of 21st Century War (Task & Purpose) In 'LikeWar: The Weaponization of Social Media,' Peter W. Singer and Emerson T. Brooking examine this new 21st century way of war

Social media’s dangers are starkest outside the West (Times) This is to be a column about ethnic violence in Burma. First, though, let me remind you about Penn and Teller, a pair of American magicians who used to turn up quite a lot on British light...

ICO Breach Complaints Jump 160% in a Year (Infosecurity Magazine) GDPR thought to be a key factor

Fear of 'brand damage' stops firms reporting cybercrime (Independent) Brand damage and embarrassment are among the reasons given for the under-reporting of cybercrime by Irish businesses to gardai.

Marketplace

Australian property sector hit hard by hackers (Financial Review) Global cyber security executives are targeting Australia as growth hot spots for their companies.

Very Good Security makes data ‘unhackable’ with $8.5M from Andreessen (TechCrunch) “You can’t hack what isn’t there,” Very Good Security co-founder Mahmoud Abdelkader tells me. His startup assumes the liability of storing sensitive data for other companies, substituting dummy credit card or Social Security numbers for the real ones. Then when the data needs to be move…

Products, Services, and Solutions

Denim Group Works with Election Officials to Improve Security Infrastructure Ahead of Mid-Terms (BusinessWire) Denim Group today announced their role in assisting state and local election officials in improving their security infrastructure ahead of the 2018 mi

BehavioSec Provides Unique Anti-fraud Safeguards That Deliver Continuous Authentication Utilizing Behavioral Biometric (Digital Journal) BehavioSec, the first vendor to pioneer behavioral biometrics, continues rapid growth and momentum as more financial institutions, retailers, app developers and cloud service providers turn to the company’s flexible software platform for safeguarding their customers and dramatically slashing fraud costs.

Qrypt licenses ORNL's quantum random number generator to fortify encryption methods (Newswise) Qrypt, Inc., has exclusively licensed a novel cyber security technology from the Department of Energy's Oak Ridge National Laboratory, promising a stronger defense against cyberattacks including those posed by quantum computing.

Technologies, Techniques, and Standards

How to fix the troubled cyber vulnerability database (Fifth Domain) The Common Vulnerabilities and Exposures program has been criticized for delays in its disclosure process, but a group of lawmakers are offering a solution.

“No encryption, no fly” rule proposed for smallsats (SpaceNews.com) Small satellites that have propulsion systems, but don’t have encrypted communcations, pose a small but real threat of being hacked and endangering others.

Incorporating sensitive asset data into your vulnerability and compliance program (Help Net Security) In this podcast recorded at Black Hat USA 2018, Tim White, Director of Product Management, Policy Compliance at Qualys, talks about the importance of

What commanders will need in multidomain operations (C4ISRNET) New operating environments demand new capabilities.

Design and Innovation

The World’s Oldest Blockchain Has Been Hiding in the New York Times Since 1995 (Motherboard) This really gives a new meaning to the “paper of record."

Research and Development

Circadence Receives New U.S. Patent for Gamified Cybersecurity Training Platform, Project Ares (GlobeNewswire News Room) Circadence® Corporation, a market leader in cybersecurity training and assessments, announced today that the United States Patent and Trademark Office has issued U.S. Patent 10,056,005, entitled “Mission-Based, Game-Implemented Cyber Training System and Method,” for Project Ares®.

SOCOM seeking technologies for war in a post-cyberpunk era (C4ISRNET) In order to fight the wars of the present and the future, SOCOM is asking for a suite of technologies straight out of a cyberpunk thriller.

Toyota Investing $500 Million in Uber in Driverless-Car Pact (Wall Street Journal) Toyota is set to invest about $500 million in Uber as part of an agreement by the two companies to work jointly on driverless-vehicle development.

Legislation, Policy and Regulation

Peter Dutton takes on responsibility for cybersecurity in Scott Morrison's new cabinet (CRN Australia) Still no dedicated ministry though.

Switzerland ramps up protection against cyber attack on infrastructure (Xinhua) After several recent cyber attack on emails of some 15,000 government employees, Switzerland on Monday released minimum standards for companies and organizations to protect the country's critical infrastructure.

New Cyber Deterrence Bill Empowers US Gov't to Impose More Sanctions - Senators (Sputnik) US Senators Cory Gardner and Chris Coons introduced the Cyber Deterrence and Response Act will enable the United States to prevent state-sponsored cyberattacks and impose sanctions on all parties responsible for such attacks, Gardner’s press office said in a press release on Monday.

Analysis | The Cybersecurity 202: Lawmakers dismiss voting machine maker's claim that spies benefit from election hacking demos (Washington Post) They're taking Def Con research seriously.

New document lays out American military’s early cyber struggles (Fifth Domain) A lack of resources, staff shortages and blurry lines of authority were just some of the difficulties that the American military experienced in cyberspace in 2014, according to a Freedom of Information Act request.

McCain Leaves a Rich Cyber Legacy (Nextgov.com) The late senator pushed relentlessly for the government to develop a comprehensive cyber deterrence strategy.

Litigation, Investigation, and Enforcement

Swiss close investigation into cyber attack on defence firm (SWI swissinfo.ch) The Attorney General’s Office has suspended criminal proceedings in connection with the cyberattacks carried out against government-owned defence ...

Court case puts PRISM back in the spotlight (FCW) An appeals court heard arguments Aug. 22 on a case that has broad implications for digital privacy and the constitutionality of government surveillance authorities.

T-Mobile quietly reveals uptick in government data demands (TechCrunch) T-Mobile has revealed an uptick in the number of demands for data it receives from the government. The cellular giant quietly posted its 2017 transparency report on August 14, revealing a 12 percent increase in the number of overall data demands it responded to compared to the previous year. The re…

Woman sues US border patrol over data copied from seized iPhone (Naked Security) The Muslim American wants assurances that the data – including photos of her not wearing a hijab – are deleted.

Two found guilty of terror plot in Germany. Their accomplice once planned attack on Ramstein (Stars and Stripes) Two associates of a man who once planned to attack Ramstein Air Base were found guilty of charges related to a planned suicide bombing at a German town.

Source: FBI Agent Told Congress The Bureau Used Leaked Stories To Obtain Spy Warrants (Daily Caller) Today's entertainment gossip and chatter

SOURCES: China Hacked Clinton’s Private Email Server (Daily Caller) 'A "courtesy copy" of her emails was sent to a third party'

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

National Cyber League Fall Season (Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Regular Season and Postseason. NCL allows players of all levels to enter. Between easy, medium and hard challenges, students have multiple opportunities to really shine in areas as they excel. Registration for the Fall Season is 8/27/18-9/28/18.

Incident Response 18 (Arlington, Virginia, USA, September 5 - 6, 2018) If you work for a vendor or product company, please understand this is not a sales event. IR18 is a community-driven event that aims to disrupt the traditional approach and is more focused on community, connections and change. IR18 is a conference for cybersecurity professionals to learn and develop playbooks to improve Incident Response processes. If you are interested in contributing to the event, your company can sponsor one of the exclusive innovation categories. Contact Sponsors@IncidentResponse.com for more information.

InfoWarCon 18 (Leesburg, Virginia, USA, November 1 - 3, 2018) InfoWarCon 18 brings together a highly elite group of political, military, academic, DIYer, and commercial cyber-leaders and thinkers from around the world. We examine the current, future, and potential hostile use of cyber and related information technologies including how to neutralize the current ones. Since the initial InfoWarCon in 1994 we have hosted the event in multiple venues across the US and Europe

upcoming Events

The Air Force Information Technology & Cyberpower Conference (Montgomery, Alabama, USA, August 27 - 29, 2018) As the premiere Air Force cyber security annual event, the Air Force Information Technology & Cyberpower Conference (AFITC) returns to Montgomery, Alabama in August of 2018. As a critical intersection of Air Force IT experts, prominent IT academics, and some of America’s top cyber security companies, the AFITC offers a full of slate events and activities, with 3 days of speakers, expanded education/training opportunities, and an exhibitor-driven trade show that all revolves around the ways we can better defend America from cyber-attacks, advanced persistent threats, and proactively lead in this in this increasingly digital world.

The Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Intelligence & National Security Summit (National Harbor, Maryland, USA, September 4 - 5, 2018) The Intelligence & National Security Summit is the premier forum for unclassified, public dialogue between the U.S. Government and its partners in the private and academic sectors. The 2018 Summit will include five plenary sessions, where senior leaders from the intelligence and national security communities will discuss top priorities, challenges, and assessments of key threats, as well as nine breakout sessions that will examine issues of vital importance to our national wellbeing and the readiness of the intelligence and national security workforce.

Cyber Resilience & Infosec Conference (Abu Dhabi, UAE, September 5 - 6, 2018) Interact with the top-notch cyber security specialists, learn new strategies and protect your company's future efficiently

9th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 6, 2018) The mission of Billington CyberSecurity is to bring together thought leaders from all sectors to examine the state of cybersecurity and highlight ways to enhance best practices and strengthen cyber defenses within government and the private sector. This year's summit, like the previous eight, will bring together leaders from government and industry for a comprehenive look at the challenges of cybersecurity.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.