We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
China behind ANU hack? GoldBrute bots scan RDP servers. MuddyWater stays busy. RIG delivers Buran ransomware. Alt-coin heists.
Signs point to Chinese intelligence services as the operators behind the recent hack and attendant data breach at the Australian National University. The Sydney Morning Herald says investigators believe one of the campaign's principal objectives was to groom Australian students headed into civil service careers for recruitment as agents.
The risks of Remote Desktop Protocol vulnerabilities come into sharper focus. Morphus Labs warns that a botnet, "GoldBrute," is scanning and brute-forcing about a million-and-a-half RDP servers.
Iran's hacking group MuddyWater (also known as SeedWorm) might have seen more of its tools leaked online, but that hasn't made it pull in its horns. ClearSky warns that the threat group is actively impersonating government accounts and using at least two new techniques: Microsoft Office documents carrying malicious macros, and exploitation of CVE-2017-0199 (that is, the Microsoft Office/WordPad Remote Code Execution Vulnerability with Windows API). These of course aren't new attack tactics, but they're new for MuddyWater, and they represent the Iranian intelligence and security services' longstanding determination to learn lessons and improve their game.
The RIG exploit kit is now being used to deliver Buran ransomware, BleepingComputer reports. The best defenses against this Russian strain of ransomware ("буран," "blizzard") are updated security software (since Buran arrives via exploit kits), sound offline backup, and properly suspicious users.
Cryptocurrency firms are under attack, Infosecurity Magazine says. GateHub users lost some $9.7 million, and blockchain startup Komodo (not to be confused with security firm Comodo) hastily patched a vulnerability in its wallet.
The US Nuclear Regulatory Commission is short cyberworkers.
Today's issue includes events affecting Australia, Canada, China, India, Iraq, Israel, Republic of Korea, Pakistan, Philippines, Russia, Tajikistan, United Kingdom, and United States.
Bring your own context.
You wouldn't jump off the Empire State Building because an app told you to, right? Would you shrug and give it whatever data it asked for?
"Well, definitely, apps are taking as much data as they can. And they're getting away with it. Apple does give you controls as a user to limit, you know, oh, you don't necessarily have to show your - share your exact location with an app, or you don't have to share your contacts. And those are all good things that people should spend more time thinking about. But the truth is most people just click yes on whatever the apps ask for, and then they get it. And so that's a big hole that we're all falling into."
—Geoffrey Fowler, tech columnist for the Washington Post, on the CyberWire Daily Podcast, 6.3.19.
Apps serve at least two masters. One of them isn't you.
Threat intelligence is critical but often difficult to manage, automate, or operationalize. Threat Intelligence Gateways are an exciting, emerging network security technology that take the heavy lifting out of making threat intelligence actionable, operational, and useful. Learn about how this technology is turning threat intelligence into action to block threats at scale in the whitepaper, Operationalizing Threat Intelligence: An In-Depth Guide to Threat Intelligence Gateways.