Dridex gang indicted. Facebook sues over ad fraud. Unix-based VPN traffic vulnerable to tampering.
The US Justice Department indicted two Russian citizens, Maksim Yakubets and Igor Turashev, for developing, operating, and distributing the Dridex banking Trojan. Yakubets was named as the leader of a criminal group known as "Evil Corp," which is said to have used Dridex to steal upwards of $100 million from victims around the world. The charges are the result of a joint investigation by the UK's National Crime Authority, GCHQ's NCSC, and the US FBI. The US Treasury Department also announced sanctions against nine members of Evil Corp, six entities linked to the group, and eight individuals who served as “financial facilitators” for the cybercriminals. The State Department is offering a $5 million reward for information leading to Yakubets's arrest, the highest reward ever offered for a cybercriminal.
CISA released an alert with technical details on Dridex and recommendations for organizations to protect themselves. The financial sector in particular is heavily targeted by the malware.
Facebook filed a lawsuit yesterday against a Chinese advertising company that allegedly violated the social media platform's ad policies over the course of three years, Mashable reports. Facebook says the company utilized malware to compromise Facebook users' accounts and then used these accounts to host ads for counterfeit products.
Researchers at the University of New Mexico have discovered a flaw in Unix-based systems that could allow an attacker on the local network to inject packets into an adjacent user's encrypted VPN connection, The Register reports. The vulnerability affects Linux, FreeBSD, OpenBSD, macOS, iOS, and Android.
Today's issue includes events affecting Australia, China, Denmark, India, Israel, Netherlands, Russia, Ukraine, United Kingdom, and United States.
Bring your own context.
Innovation can also be attended by risk.
"Attackers understand that [it's easy to forget that tools have a connection to the outside world]. So they understand how prevalent these type of new communication technologies are. They understand that when there is sort of a newness in the industry, that it presents a potential opportunity for attackers to leverage. And, you know, as soon as something like these type of communication platforms exist, attackers are going to be, you know, standing at the gates, trying to figure out ways that they could leverage them into providing sort of outbound or some sort of infection that they can leverage internally and kind of pivot around your digital environment with. And that's very interesting. So it's kind of always a race whenever these get in - you know, these type of technologies get deployed to make sure that those logs and the data that you're using them for internally also get captured and filtered back to a security team in an easy-to-evaluate way to look for suspicious and malicious events."
—Michael Sechrist of Booz Allen Hamilton, on the CyberWire Daily Podcast, 12.4.19.
Attackers can find opportunity in novelty.
A recommendation to our readers.
If you're interested in space and communications (technology, policy, business, and operations), take a look at Cosmic AES Signals & Space, which offers a monthly overview of news in this sector.