Gangnam Industrial Style. Persistent Rancor. US Foreign Intelligence Surveillance Court asks the FBI what it was thinking.
CyberX researchers have described a cyber espionage campaign that's evidently designed to steal sensitive data, especially design information, from manufacturers. CyberX calls it "Gangnam Industrial Style," in recognition that South Korean manufacturers have been most heavily hit, with some sixty percent of the victims located in the Republic of Korea. Other countries affected include (in rough order of the attention they received from the APT) Thailand, China, Japan, Indonesia, Turkey, Ecuador, Germany, and the United Kingdom. The attack begins with spearphishing emails carrying plausible bait representing itself as, for example, RFQs or inquiries from buyers. The most common payload is Separ malware, which both harvests credentials and searches for files of interest. The attackers may be after trade secrets in a conventional industrial espionage effort, or they may be looking for industrial system vulnerabilities that could be targeted in subsequent attacks.
Palo Alto Networks' Unit 42 has released a follow-up to its earlier reports on "Rancor," a Chinese cyber espionage unit that pays particular attention to targets in Cambodia. Unit 42 tells CyberScoop that there's an irony beneath the apparent persistence: none of the efforts to penetrate Cambodian networks have been fully successful.
The US Foreign Intelligence Surveillance Court has starchily ordered the FBI to give an account of what it was doing when it requested FISA surveillance authority over Trump advisor Carter Page. The New York Times calls the Justice Inspector General's report on Crossfire Hurricane "damning." A broader IG investigation is in the offing, the Washington Post reports.
Today's issue includes events affecting Cambodia, Canada, China, Czech Republic, Ecuador, Finland, Germany, Indonesia, Japan, Republic of Korea, Russia, Thailand, Turkey, United Kingdom, and United States.
Bring your own context.
Information may want to be free, as they used to say, but that's not to say that sovereign Internets will tear down the walls they're busily building. What's the effect of this trend?
"Certainly not a positive one, at least among those countries. For those of us that are interested in a free and open internet, we don't want to see something like this. You know, the other challenge as well is that these efforts ultimately reduce internet resilience as a whole. So the internet is an interconnected network of networks. It only works successfully when everybody is sort of behaving themselves and cooperating. When these things start occurring, it ultimately lowers the resiliency of the global internet. That's a bug, not a feature. Russia may be looking at it as a feature, but for everybody else, it's really a problem."
—David Belson, senior director of internet research and analysis at the Internet Society, on the CyberWire Daily Podcast, 12.13.19.
Attention tends to focus on Russian policies, but Russia's not the only country aspiring to Internet sovereignty.