The CyberWire Daily Briefing 5.7.19

Special Section

Global Cyber Innovation Summit

Some warnings last week in Baltimore about the supply chain. It may be wise to assume hardware's compromised, and as for software, the industry as a whole hasn't come to grips with the implications of the very widespread use of open source code. What of the problem of the "malicious committer?" Security industry leaders and venture capitalists closely engaged with them shared some thoughts.

We continue the CyberWire's coverage of the inaugural Global Cyber Innovation Summit in this and coming issues.

Summary

By the CyberWire staff

Symantec reports that the "Buckeye" group has obtained NSA cyber attack tools and used them against a variety of targets, including several US allies. Symantec doesn't call Buckeye Chinese intelligence services, but as close to everybody else does as to make no difference. The tools' use apparently antedates the ShadowBrokers' leaks by about a year, and there's speculation, the New York Times reports, that the code was captured and reverse-engineered when it was employed against Chinese networks.

Israel's airstrike against a Hamas cyber operations center continues to be seen by many as a radical shift in the nature of combat. ("The future is here and it features hackers getting bombed," as Foreign Policy puts it.) WIRED's more nuanced discussion sees the novelty in the near-real-time retaliation, and its public avowal by the Israeli government. But consider that, as cyber operations and electronic warfare converge, whether Gaza strike might be more like hitting an enemy jammer than something altogether new under the sun.

Not all retaliation is kinetic. Sometimes you jam the enemy emitter. Facebook just did so this week, taking down ninety-seven groups, pages, and accounts in an action against Russian "coordinated inauthenticity" deployed against Ukraine.

Don't tell Thanos, but Threatpost says a sketchy Avengers Endgame themed site that promises downloads of the movie is actually involved in credential harvesting. Don't go there; you don't want to get dusted.

Recorded Future takes a demystifying look at the dark web. There's bad stuff there, but it's a lot smaller than Mordor.

Analyze Who Has Access to What Within Your IT Infrastructure Now

Notes.

Today's issue includes events affecting Belgium, China, Congo, India, Ireland, Luxembourg, Philippines, Russia, Ukraine, United Kingdom, United States, Venezuela and Vietnam

Bring your own context.

Suppose you were to present a study of a company's cybersecurity posture to its board, as requested and required, complete with the usual dismaying findings--unpatched systems, default passwords, supply chain mishaps, various human errors--and the board thanked you, recessed briefly, returned, and told you your budget request was denied. Why would this happen? Here's why it happened on one occasion.

"Afterwards, the CEO and the CFO came down. And we sat down, having a side meeting to talk about what happened. And I think this was the most important realization, and it was when the CEO had said, 'Your presentation was great. You really conveyed the threat landscape. But there was one major thing missing. You never talked about how you're going to help the business.' And they said, 'We know how important cybersecurity is. We know how important it is for the business to improve and invest in the right areas. However, we really need it to work. And that's why we're having this conversation.'" Joseph Carson, chief security scientist and advisory CISO at Thycotic, on the CyberWire Daily Podcast, 5.3.19.

The board's language is business, and for some CISOs it can be at best a second language.

The CISO's ultimate guide to AppSec: 11 essential best practices you should know

By now, we are all too aware of the consequences of a data breach: brand damage, loss of customer confidence, potentially costly litigation, regulatory fines, and more. But most organizations aren’t as familiar with how to prevent these attacks. This guide highlights 11 data security best practices to minimize risk and protect your data.

On the Podcast

In today's podcast, out later this afternoon, we speak with our partners at Webroot, as David Dufour shares thoughts on HTTPS security concerns. Our guest is Michael Figueroa from the Advance Cyber Security Center, who discusses their recent report identifying a need for a board-level cyber risk management standard.

And Recorded Future's Threat Intelligence Podcast, produced in partnership with the CyberWire, is also up. In this episode, "A Fresh Take on Defining Threat Intelligence," Levi Gundert and Allan Liska provide a refresher on threat intelligence, including how they have come to describe it and what, exactly, it is and is not.

Sponsored Events

Cybersecurity Impact Awards (Arlington, Virginia, United States, May 14, 2019) Winners of the Cybersecurity Impact Awards will be announced and recognized at the May 14, 2019 CYBERTACOS event. The event will start at 5:30 p.m. and the award presentation will begin at 6:00 p.m.! Join us afterwards for tacos and networking!

Cyber Investing Summit (New York City, New York, United States, May 16, 2019) The Cyber Investing Summit is a conference focused on financial opportunities and strategies in the cybersecurity sector. Join key decision makers, investors, and innovators to network, learn, and develop new partnerships May 16th in NYC. More information: www.cyberinvestingsummit.com.

Cyber Security Summits: May 16 in Dallas and in Seattle on June 25th (Dallas, Texas, United States, May 16 - June 25, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, U.S. Secret Service, Verizon, Center for Internet Security, and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today: www.CyberSummitUSA.com

Uniting Women in Cyber (Arlington, VA, United States, May 17, 2019) Join us as we celebrate the women in today’s cybersecurity ecosystem at the Uniting Women in Cyber Symposium on May 17, 2019! This full-day event features dynamic women speakers discussing the future of tech, cybersecurity and business. Network among 300–400 business and technical professionals and attend our awards reception recognizing women in tech and business.

DreamPort Event: Tech Talk Series: How DevOps and Automation Can Accelerate Warfighting Readiness (Columbia, Maryland, United States, June 19, 2019) Come hear NetApp's own DevOps journey and lessons learned and see how NetApp has equipped large enterprises to change fast and manage risk, with its deep integration with DevOps tools. In this interactive demonstration and discussion, NetApp will guide conversation towards a DevSecOps vision that can be realized immediately with capabilities that are available today to Defense Department developers.

DreamPort Event: RPE- 006: The Defense at Pemberton Mill (Columbia, Maryland, United States, June 21, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM is hosting RPE -006: The Defense at Pemberton Mill. For this event, we'll be looking for solutions that monitor a fictitious network for vulnerabilities and detect attacks in progress. We want participants to bring solutions for monitoring both information technology (IT) and operational technology (OT) networks both in live (with network taps) and offline (PCAP) mode. This event is June 21.

Selected Reading

Dateline

Emerging technologies: views from industry and venture capital. (The CyberWire) Clouds, supply chains, open source and the problem of malicious commitment, the promise of known good, and what CISOs can bring to VCs.

Cyber Attacks, Threats, and Vulnerabilities

Facebook takes down Russian-linked disinformation targeting Ukraine (CyberScoop) Facebook announced it is taking down 97 pages, groups, and accounts emanating from Russia and targeting Ukraine that attempted to conceal who was behind them.

Israel Bombs Building as Retaliation for Hamas Cyber Attack (BleepingComputer) The Israel Defense Forces (IDF) announced that a building used by Hamas cyber operatives was bombed on Saturday as part of a joint retaliation operation with the Israel Security Agency (Shin Bet) and Unit 8200 of Military Intelligence, following a failed cyber attack against Israel.

A New Era of Warfare Begins as Cyberattack Leads to Airstrikes (Gizmodo) For the first time ever, a government announced publicly that it had used immediate lethal physical force in response to a cyberattack.

Stolen NSA hacking tools were used in the wild 14 months before Shadow Brokers leak (Ars Technica) Already criticized for not protecting its exploit arsenal, the NSA has a new lapse.

Chinese spies acquired NSA tools, used them to attack US allies: report (TheHill) A leading cybersecurity firm found evidence Chinese intelligence operatives repurposed National Security Agency hacking technology in 2016 to attack American allies and private firms in Europe and Asia,

How Chinese Spies Got the N.S.A.’s Hacking Tools, and Used Them for Attacks (New York Times) The latest case of cyberweapons escaping American control raises questions about the United States’ expensive and dangerous digital arsenal.

The Strange Journey of an NSA Zero-Day—Into Multiple Enemies' Hands (WIRED) How a "secret" hackable bug found by the NSA was used over by Chinese, North Korean, and Russian hackers to wreak havoc.

Buckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak (Symantec) Windows zero day was exploited by Buckeye alongside Equation Group tools during 2016 attacks. Exploit and tools continued to be used after Buckeye's apparent disappearance in 2017.

The Future Is Here, and It Features Hackers Getting Bombed (Foreign Policy) Israeli armed forces responded to a Hamas cyberattack by bombing the group’s hacking headquarters.

Flaw in pre-installed software opens Dell computers to remote hijack (Help Net Security) Dell computer owners should update the Dell SupportAssist software as soon as possible to close a high-risk remote code execution vulnerability.

Cyber security firm Malwarebytes explains how hackers attacked Microsoft's GitHub (International Business Times, Singapore Edition) Malwarebytes said the skimmer is a hex-encoded piece of JavaScript code that was uploaded to GitHub on April 20.

Criminals are hiding in Telegram – but backdoors are not the answer (Naked Security) When it comes to an easy life, the criminals behind the fearful Anubis banking malware have become big fans of Twitter and, increasingly, the secure messaging of Telegram.

Old Scams Getting New Life in the Cloud (Netskope) Netskope Threat Research Labs has recently discovered a new technique being used by scammers to reach potential victims: send emails and SMS messages that include links to common services, such as AWS, Azure, Alibaba cloud, and Google Docs. We have seen this technique used for well-known scams, like fake pharmacies, dating sites, and tech support, …

What will phishers do once push-based MFA becomes widely used? (Help Net Security) As phishing thrives, investing in anti-phishing technologies should be a no-brainer for most companies. Cofense CEO discusses the future of phishing.

Tron Blockchain Narrowly Escapes Crash Due to DDoS Attack: HackerOne Report (BitcoinExchangeGuide) Smart contract and dapp blockchain platform Tron (TRX) would have been history by now, according a report by HackerOne.

Avengers: Endgame Sites Promise Digital Downloads, Deliver Info-Harvesting (Threapost) Web scammers are going after Marvel fans as the movie passes the $2.2 billion box-office mark, making it the second-highest grossing film of all time, behind only Avatar.

Who’s Afraid of the Dark? Hype Versus Reality on the Dark Web (Recorded Future) We present our findings of a spider specifically for dark web sites in an effort to make an assessment of one precise definition of the term “dark web."

The dark web isn't as big as you think. (CyberScoop) According to new research from Recorded Future, the number of dark web marketplaces selling illegal wares is around 100.

Recent cyber-attack proves costly for Calif. school district (www.SecurityInfoWatch.com) Modesto schools shelled out more than $475K to eradicate viruses that took down essential services in the district

Security Patches, Mitigations, and Software Updates

High-Severity Bug Leaves Cisco TelePresence Gear Open to Attack (Threatpost) Cisco patches two high-severity bugs that could be exploited by remote attackers.

WordPress 5.2 to Come with Supply-Chain Attack Protection (BleepingComputer) The WordPress 5.2 build which will be released today will ship with offline digital signatures for all core updates as a defense measure against possible supply-chain attacks, with support for themes, plugins, and translations to be delivered at a later date.

Amazon to Disable S3 Path-Style Access Used to Bypass Censorship (BleepingComputer) Amazon announced in a post on the Amazon Simple Storage Service (S3) forum that the company will deprecate path-style API requests (used by many to circumvent censorship) starting with September 30, only keeping support for the virtual-hosted style request format.

Cyber Trends

Why Cybersecurity Matters to Small Businesses (business.com) With limited protection against cybercrime, small businesses are at risk.

6 Security Concerns with Office 365 (Security Boulevard) As more organizations migrate to the cloud, the popular misconception that the cloud is not safe is slowly going away.

5 Emerging Vectors of Attack and Recommendations for Mitigating the Risks (Bricata) DNS manipulation, domain fronting, targeted cloud individual attacks, HTTPS and encryption, and the exploitation of hardware features are among the emerging challenges adversaries can exploit according to cybersecurity experts at SANS.

Why Are Financial Institutions Running into Obstacles When Improving Authentication? (PaymentsJournal) Caught within a shifting threat landscape, a tighter regulatory environment and a seismic shift in customers’ banking preferences – and

Cyber threats, cyber opportunities, and collective defense: a view from the Three Seas (Security Boulevard) NSA’s Rob Joyce said recently at RSAC 2019 that we’ve seen a shift in the cyber attacks being mounted by nation-states.

Marketplace

Trump creates new cybersecurity competition with a $25,000 award (Roll Call) The competition is part of an executive order, signed by Donald Trump, aimed at addressing a shortage of cybersecurity workers across the federal government

Huawei Says Collaboration Key to 5G Security (Infosecurity Magazine) Left out of Prague's 5G security talks Huawei says it shares a commitment to cybersecurity.

Exabeam Raises $75 Million to Accelerate Worldwide Displacement of Legacy SIEM Vendors - Exabeam (Exabeam) Follows 2018, which saw 76 percent of platform replacement deals edge out legacy vendors IBM, McAfee, RSA, LogRhythm,[...]

Kaseya Buys ID Agent To Strengthen Dark Web Monitoring Muscle (CRN) Kaseya has purchased cybersecurity startup ID Agent to add more end user protection to its existing security management and infrastructure protection capabilities.

Dashlane Closes $30 Million in Funding (Security Baron) In a recent press release, Dashlane announced that they had closed $30 million in funding, bringing their overall funding to about $100 million.

AIS awarded $93.6M contract (Uticaod) Assured Information Security in Rome has been awarded a $93.6 million Indefinite Delivery/Indefinite Quantity contract.This kind of

Rapid Growth and Momentum Continues in 2019 for Hotshot, a Leader in Secure, Compliant Mobile-First Messaging and Collaboration (Morningstar) Rapid Growth and Momentum Continues in 2019 for Hotshot, a Leader in Secure, Compliant Mobile-First Messaging and Collaboration, Read most current stock market news, Get stock, fund, etf analyst reports from an independent source you can trust – Morningstar

Products, Services, and Solutions

SolarWinds Expands Security Portfolio with SolarWinds Endpoint Detection and Response Through Partnership with SentinelOne (AP NEWS) SolarWinds (NYSE:SWI), a leading provider of powerful and affordable IT management software, today announced that it has expanded its security portfolio with SolarWinds® Endpoint Detection and Response through its partnership with SentinelOne, the autonomous endpoint protection company.

StackRox Kubernetes Security Platform Receives Red Hat Container Certification (Yahoo) StackRox Delivers Enhanced Security and Compliance Capabilities via the Red Hat Container Catalog

D3 Security Redefines SOAR by Operationalizing the MITRE ATT&CK Framework (BusinessWire) D3 announces that it has operationalized the MITRE ATT&CK framework, advancing its SOAR platform to focus response actions on adversary intent.

Microsoft offers software tools to secure elections (Fifth Domain) Dubbed

Protecting democratic elections through secure, verifiable voting - Microsoft on the Issues (Microsoft on the Issues) Today, at the Microsoft Build developer conference, CEO Satya Nadella announced ElectionGuard, a free open-source software development kit (SDK) from our Defending Democracy Program. ElectionGuard will make voting secure, more accessible, and more efficient anywhere it’s used in the United States or in democratic nations around the world. ElectionGuard, developed with the assistance of our...

Illusive Networks Has Developed an Ingenious Defense System to Protect Dating Sites & Apps From Hackers - [Dating News] (DatingNews.com) In July 2015, a hacking group known as The Impact Team created a nightmare scenario for Avid Life Media, the online dating company that owns Ashley Madison.

Technologies, Techniques, and Standards

As cloud computing lifts off, fog computing remains (C4ISRNET) ManTech says it has produced a system that will enable tactical war fighters to process and analyze intelligence in real time.

The Army looks to build up its cyber arsenal (Fifth Domain) Could tactical Army cyber units leverage tools from Cyber Command?

What Is Application Shielding? (WIRED) Security firms are increasingly touting application shielding as an important layer of defense. But it may be better suited to DRM.

The Overlooked Military Implications of the 5G Debate (RealClear Defense) Last week, the U.S. Defense Innovation Board released a report outlining the risks and opportunities for the United States in the global race to develop 5G.

Air Force and Akamai Zero in on Zero Trust (Meritalk) While few can pronounce the Air Force CTO's name – zero can spell it – which leads us in nicely to Frank Konieczny's presentation on Zero Trust at Akamai’s event on Tuesday, April 30, “Zero Trust: Moving Beyond Perimeter Security.”

Design and Innovation

Analysis | The Cybersecurity 202: This new Android app aims to tackle cyber insecurity in the developing world (Washington Post) The goal is to improve the global cybersecurity ecosystem.

Mark Zuckerberg’s ‘hate ban’ isn’t about safety — it’s about his own ego (New York Post) Why is Alex Jones permitted to have a telephone? It’s a serious question. Facebook on Thursday announced that a small assortment of kooks — Alex Jones, Laura Loomer, Milo Yiannopoulos, Paul Joseph …

Algorithms of Suppression (The American Mind ) Google is punishing the Claremont Institute for our political thought by refusing to let us advertise to our own readers.

Research and Development

Edgewise Networks Receives Approval for Two New Patents; Amasses IP Portfolio for Zero Trust Microsegmentation (BusinessWire) Edgewise Networks receives approval for two new patents, further strengthening its IP portfolio for Zero Trust microsegmentation

Researchers working on tools that aim to eliminate computer bugs (Help Net Security) Researchers at Stevens Institute of Technology are developing new tools that could eliminate computer bugs with ironclad certainty.

Academia

Air National Guard and UMass Dartmouth join hands to boost cybersecurity (CISO MAG) As per the partnership deal, the Airmen of the Air National Guard will offer relevant academic and cybersecurity courses to the university students.

Four Reasons Why The University Of Louisville's IBM Skills Academy Is A Very Smart Move (Forbes) The University of Louisville and IBM have partnered to launch an IBM skills academy. It's a smart move that will spur economic growth, attract more students, aid the company's search for talent, and serve the two main motives for college attendance. More universities will soon follow this lead.

Legislation, Policy and Regulation

China making 'rapid progress' on potency of cyber-operations, Pentagon says - CyberScoop (CyberScoop) China’s cyber-theft and cyber-espionage operations are accelerating to the point that they can “degrade core U.S. operational and technological advantages,” according to a congressionally mandated assessment of the Chinese military the Pentagon issued Friday.

US, Russia butt heads over Venezuela (AFP) US Secretary of State Mike Pompeo pressed Sunday for Russia to get out of Venezuela, while his Russian counterpart, Sergei Lavrov, called on Washington to "abandon its irresponsible plans" in the crisis-wracked country.

India may reject US demand for outright ban on Huawei (The Economic Times) Huawei feels confident that the company will, along with rest of the industry, be allowed to participate in the 5G trials but expects a decision only after the ongoing general elections.

Ireland must take heed of Britain’s cyber woes with Huawei (The Irish Times) Cyber security is battlefield on which all states must defend their sovereignty

Litigation, Investigation, and Enforcement

Two Israelis arrested in global 'dark' Internet probe (Reuters) Two Israelis have been arrested on suspicion of setting up a "dark" In...

Marine colonel commanding cyber operations group fired following drunk driving arrest (Marine Corps Times) Col. Douglas Lemott Jr. was the third colonel fired in recent weeks from a key command position.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

TechNet Cyber (Baltimore, Maryland, USA, May 14 - 16, 2019) TechNet Cyber 2019, formerly the Defensive Cyber Operations Symposium, will be the staging area for military, industry and academia to discuss and plan how to achieve persistent engagement, persistent presence and innovation. It is the opportunity to devise a new strategy to build resilience and defend networks.

upcoming Events

Cybertech Midwest 2019 (Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech Midwest 2018 kickoff event was a conference and exhibition on global cyber threats, solutions, innovations, and technologies. It featured discussions by the industry's most renowned technology company executives, startups, government officials and contractors, investors, academics, media experts and other professionals changing the global cyber landscape—covering the most trending topics in the area of cyber and innovation.

SecureWorld Kansas City (Kansas City, Missouri, USA, May 8, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event in the InfoSec industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.

RiskSec 2019 (Philadelphia, Pennsylvania, USA, May 8, 2019) RiskSec 2019 will provide insights from thought leaders across various industries, focusing on the most significant issues that CISOs and other security professionals face every day. Learn about new approaches to security, discover the latest technology and interact with the best in the business. We hope to see you there!

Digital Utilities Europe 2019 (London, England, UK, May 8 - 9, 2019) Following three successful editions of ACI’s Digital Utilities Europe Summit, the 4th edition will be taking place in London, United Kingdom on 8th-9th May 2019. The conference will bring together key industry stakeholders to address the current challenges of the digitalization in the utilities sector. The two day event will offer insight on business cases, financial aspects and technological advancements in the industry. Digital Utilities Europe 2019 will allow you to explore the successful implementation of recent case studies within digital business and its unique strategies.

Secutech 2019 (Taipei, Taiwan, May 8 - 10, 2019) As the largest regional business platform for professionals in the security, mobility, building automation and fire safety solution sectors, Secutech is the annual gathering place for key players from Japan, Thailand, Vietnam, Malaysia, the Philippines, Singapore, Myanmar andother Southeast Asian countries looking for integrated security systems and smart solutions powered by AI analytics and IoT technologies. Join the one-stop platform to introduce the latest innovations, find cross-industry partners, and tap into high-potential markets.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.