We were able to attend a media roundtable the National Security Agency's Cybersecurity Directorate held at Fort Meade yesterday. We have a quick overview here.
Attor--quiet, effective espionage. FIN7's new tricks. Ransomware and an Apple 0-day. Social credit? A look inside NSA's ICC.
ESET reports the discovery of "Attor," a modular espionage platform that has been deployed mostly against selected individuals in Russia, many of whom have shown an interest in using privacy-focused services. The malware has also been used against a smaller number of diplomatic and government targets in Eastern Europe, notably in Ukraine, Slovakia, Lithuania, and Turkey. Attor has been in use since 2013 at least, and ESET describes it as "professionally written." Its plugin architecture enables its controllers to customize Attor's functionality to specific targets. In general, the malware uses an unusual device-fingerprinting technique, automated data collection, and Tor-enabled exfiltration. ESET does not know what Attor's infection vectors have been, and the researchers think it probable that the malware has still-undiscovered plugins.
FireEye researchers catch FIN7 (also known as Carbanak) using new tools.
Morphisec finds Bitpaymer ransomware exploiting an Apple zero-day.
At the request of Chinese authorities, Apple has removed both a US news app and a mapping app from its Chinese service. The Telegraph notes that the optics aren't good for Cupertino, which some see as having joined the NBA in a kind of shadow extension of China's social credit program into the West. The Verge says the news app is Quartz's, blocked for "content not legal in China." (Quartz is both widely read and not typically seen as extreme.) The mapping app, HKmap.live, was allegedly used to target police and to commit crimes where police weren't present; Apple had this latter information from the Hong Kong Cybersecurity and Technology Crime Bureau.
Today's issue includes events affecting China, European Union, Iran, Lithuania, Russia, Slovakia, Turkey, Ukraine, and United States.
Bring your own context.
The insider threat problem is a tough one to address.
"Employees feel very entitled to personal ownership. A large majority of our information security leaders that we surveyed, 72%, agree it's not just corporate data. It's my work and my ideas. Which, you know, that's a scary statistic because if people think that it's their work and their ideas, they're going to take it with them when they leave. And I don't think companies realize how impactful that can be until the data's gone. I talk to a lot of customers and potential customers, and just recently I was on the phone with a company that had an employee leave, start their own company, and that became a threat to the existing company or the initial company to the point where they had to buy out the company that was started with the employee's data - or with the employer's data. So I don't think companies really realize how impactful it is until it's probably too late."
—Jadee Hanson, CISO and VP of information technology at Code42, on the CyberWire Daily Podcast, 10.8.19.
As recent news out of Canada, the US, and the UK will attest, even capable, professional, and well-resourced intelligence and counterintelligence services have their insider threats, so it's not just you, small business. (But it is you, too.)
And a note to our readers.
Monday is Columbus Day, a US Federal holiday, and we'll be taking the day off. We'll resume publication as usual on Tuesday. Enjoy the long weekend, if you're able to take it.