The CyberWire Daily Briefing, 1.29.20

Summary

By the CyberWire staff

Otorio says that a strain of ransomware called “Snake” (not to be confused with the many other polyglot malware Snakes slithering around in the wild) is both linked to Iran and probably implicated in the recent attack on Bahrain Petroleum Company. Bloomberg reports that Snake prospects many kinds of files, but it’s notably interested in process controls. Otorio thinks the attackers’ motive is economic warfare, in particular an attempt to influence oil prices.

While the matter of Mr. Bezos’ phone and the Crown Prince’s texts is increasingly regarded as inconclusive and at best circumstantial (see, for example, Errata’s blog on the topic), Citizen Lab’s account of Saudi Pegasus use against journalists is holding up. Ben Hubbard, the New York Times reporter who brought a suspicious text to Citizen Lab’s attention, offers an account of his experience.

Reaction within the US Government to Britain’s decision to allow Huawei to play in its 5G infrastructure, but only in “non-core” sections, has been decidedly sour. Fifth Domain offers a representative sample of Congressional opinion, and the judgments are harsh: “[They’ve] chosen the surveillance state over the special relationship,” or, “Allowing Huawei to build the UK’s 5G networks today is like allowing the KGB to build its telephone network during the Cold War.” The nicest comment was “disappointed.”

And after having waited to see which way the cat would jump, the European Union enunciated essentially the same policy with respect to Huawei participation in member states' infrastructure that Britain adopted yesterday, SC Magazine reports.

Fast, Comprehensive, Simplified Threat Intel Delivered To Your Inbox

Notes.

Today's issue includes events affecting China, European Union, Iran, Israel, Democratic Peoples Republic of Korea, Poland, Russia, Saudi Arabia, United Kingdom, United States

Bring your own context.

Robert M. Lee of Dragos hates making predictions, but we got him to offer a few, including some thoughts on general versus particular expertise.

"As I think about them, actually, what made really good security analysts anywhere else in the world was a deep understanding of how the system, or system of systems, worked in the first place. And we're starting to see more and more operations and engineering, especially on the operations side, get abstracted from the environment, where maybe the vendor or the integrator themselves built the ICS or integrated it in the way they thought. And really, we're just operating it, and we're leaning more and more in calling for helpdesk, and it's harder to hire people and train people and layers of expertise and more common operating platforms and et cetera, et cetera, et cetera, where the level of knowledge and operations - you know, these are amazing operators.

"I'm not trying to say they're lesser than they've ever been; they're actually better than they've ever been, but they're more generalists now than specialists. They're moving in that direction. And actually, it's the exact opposite of what we're seeing in the need of security of more specialization, especially with the level of automation that - in digital transformation that's happening in the industrial world. And I actually think that - not in 2020 - but as we go about our journey, industrial control systems security folks will have to appreciate that they will at some point, or should know more about that plant, inside and out, as a whole than any other one person in that facility. And that's scary and amazing and crazy all at the same time."

—Robert M. Lee, CEO at Dragos, on the CyberWIre Daily Podcast, 1.27.20.

Do you miss the big picture because you can't see the forest for the trees, or do you get the big picture wrong because you wouldn't know a tree if you walked into it?

Coming soon: CyberWire Pro.

Our new subscription program, CyberWire Pro, will be available soon. Designed for cyber security professionals and others who want to stay abreast of our rapidly evolving industry, CyberWire Pro is a premium news service that will save you time and keep you informed. Learn more and sign up to get launch updates here.

Simple, secure identity and access management for your business.

LastPass Identity provides simple control and visibility across every entry point to your business through single sign-on, password management and multi-factor authentication in one unified solution. LastPass Identity provides a holistic view of end user activity to simplify security for IT, all while delivering the passwordless login experience employees want. Start a free LastPass Identity trial today.

On the Podcast

In today's CyberWire Daily Podcast, out later this afternoon, we hear from our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin discusses comments offered by Representative Alexandria Ocasio-Cortez (Democrat, New York 14th) during House hearings on facial recognition technology. Our guest is Dan Conrad from One Identity, who talks to us about sophisticated “pass the hash” attacks.

And our Caveat podcast is up. In this episode, "Exploring the cultural values of personal privacy," Dave shares a story about our own state of Maryland trying to crack down on ransomware, Ben shares a New York Times story about facial recognition software, and later in the show we speak with Stuart Thompson of the New York Times on the article, "Twelve Million Phones, One Dataset, Zero Privacy."

Sponsored Events

Cyber Security Summits: February 5 in Atlanta and on March 20 in Tampa (Atlanta, Georgia, United States, February 5, 2020) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, U.S. Secret Service, IBM Security, Google and more. Register with promo code cyberwire20 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com

Suits & Spooks (Washington, DC, United States, February 6 - 7, 2020) Suits & Spooks DC is the only international security summit where the attendees and speakers from government agencies and technology companies engage in discussion and debate of security challenges. World-class speakers describe their vision of future threats and leading-edge companies will exhibit novel solutions. Get 15% off with discount code cyberwire15.

Cyber or Cleared Job Fair, February 13, San Antonio. (San Antonio, Texas, United States, February 13, 2020) Cleared and non-cleared cybersecurity pros make your next career move at the Cyber or Cleared Job Fair, February 13 in San Antonio. Meet face-to-face with leading cyber employers. Visit our site for more details.

RSAC 2020 (San Francisco, California, United States, February 24 - 28, 2020) Connect to the people and ideas that matter. To your growth. To your organization. At RSAC 2020, February 24 – 28, explore current and emerging trends, gain valuable skills and network with peers. Register today!

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Ransomware Linked to Iran, Targets Industrial Controls (Bloomberg) An Israeli cybersecurity firm said it believes a new strain of ransomware was created by Iran and has the ability to lock up or even delete industrial control systems.

Al-Qaeda Says Surprise Al Shabaab Attack That Killed 3 Americans Is ‘Brilliant’ Example for Jihadists (Homeland Security Today) Al Shabaab said in a video released after the Kenya airbase attack that the assault was “carried out under the guidance and direction of the leadership of al-Qaeda.

Someone Tried to Hack My Phone. Technology Researchers Accused Saudi Arabia. (New York Times) From a suspicious text message I received, technology researchers concluded that hackers working for Saudi Arabia had targeted my phone with powerful Israeli software.

A New York Times journalist was targeted by spyware linked to Saudi Arabia, according to report (Washington Post) The analysis by Citizen Lab follows a U.N. investigation implicating the Saudi crown prince in the hack of Jeff Bezos’s phone.

Cyberattacks targeted world leaders’ planes as they flew into Israel last week (Times of Israel) At least 800 attacks, including from Iran and Poland, were beaten back by Israel's newly upgraded air traffic cyber defenses, officials say

Ragnarok Ransomware Targets Citrix ADC, Disables Windows Defender (BleepingComputer) A new ransomware called Ragnarok has been detected being used in targeted attacks against unpatched Citrix ADC servers vulnerable to the CVE-2019-19781 exploit.

LoRaWAN Networks Susceptible to Hacking: Common Cyber Security Problems, How to Detect and Prevent Them (IOActive) LoRaWAN is fast becoming the most popular wireless, low-power WAN protocol. It is used around the world for smart cities, industrial IoT, smart homes, etc., with millions of devices already connected.

LabCorp security lapse exposed thousands of medical files (TechCrunch) Exclusive: The documents largely appeared to affect cancer patients under the laboratory's speciality testing unit.

A ‘moral’ payments processor spilled 6 million payments (TechCrunch) Exclusive: The database was left online without a password.

Fake police site phishing for confidential information claims victim's Web browser 'blocked' (The Straits Times) The Singapore Police Force have warned the public of a fake police website that tries to trick people into giving up confidential information, the latest version of similar scams that have cropped up in recent years.

Wawa Investigates Reports of Attempts to Sell Customer Info During Data Breach (NBC10 Philadelphia) Wawa announced Tuesday that there were reports of criminal attempts to sell customer information during last month’s data breach.

Wawa Breach May Have Compromised More Than 30 Million Payment Cards (KrebsOnSecurity) In late December 2019, fuel and convenience store chain Wawa Inc. said a nine-month-long breach of its payment card processing systems may have led to the theft of card data from customers who visited any of its 850 locations nationwide.

Travelex claims it has brought money transfer and wire services back - but website remains down (Computing) Travelex website remains down almost a month after New Year's Eve ransomware attack

Suplizio: DuBois City Was Victim of Cyber-Attack (Gant Daily) DuBois City’s computer system was attacked by cyber criminals on Friday, Jan. 24, reported City Manager John “Herm” Suplizio at Monday night’s council meeting.

Fans of Kobe Bryant are buying keepsakes in the wake of his death, prompting scammers to swindle them (Washington Post) The sudden death of Kobe Bryant has many fans rushing to buy clothing and memorabilia that commemorate the life of the five-time NBA champion.

The cyber criminals selling network access to the highest bidder (Teiss) Levi Gundert, SVP of Global Intelligence at Recorded Future , discusses the selling of pay-per-install services on the dark web, including the increase of selling unauthorised access services.

Revive of Crimson RAT (Dinesh's Perspective) Crimson RAT was previously used by Pakistani Threat Actors Transparent Tribe Crowdstrike has been tracking the Threat Actor by name MYTHIC LEOPARD since 2016. According to the blog, …

Security Patches, Mitigations, and Software Updates

Cisco patches bugs in security admin center and Webex (Naked Security) Cisco has patched bugs in Webex and in Firepower Management Centre, the device that controls its security products.

Facebook will now show you exactly how it stalks you — even when you’re not using Facebook (Washington Post) The new ‘Off-Facebook Activity’ tool reminds us we’re living in a reality TV program where the cameras are always on. Here are the privacy settings to change right now.

Cyber Trends

State of Cybersecurity at Top 100 Global Airports (Immuniweb) 97 out of 100 of the world's largest airports have security risks related to vulnerable web and mobile applications, misconfigured public cloud, Dark Web exposure or code repositories leaks.

UK CEOs deleting social media apps to prevent hacking attempts (SC Magazine) CEOs are increasingly concerned about sophisticated cyber attacks on their own companies with four-in-five executives fearing cyber-attacks on their own company modifying their own online behaviour.

Marketplace

What is Cyber Insurance and why it is the need of the hour (Moneycontrol) While global markets are all gearing to face the cyber challenge, Indian base for cyber insurance is around Rs 500-700 crore.

Persona raises $17.5M for an identify verification platform that goes beyond user IDs and passwords (TechCrunch) The proliferation of data breaches based on leaked passwords, and the rising tide of regulation that puts a hard stop on just how much user information can be collected, stored and used by companies have laid bare the holes in simple password and memorable-information-based verification systems. To…

Securiti.ai scores $50M Series B to modernize data governance (TechCrunch) Securiti.ai, a San Jose startup, is working to bring a modern twist to data governance and security. Today the company announced a $50 million Series B led by General Catalyst, with participation from Mayfield. The company, which only launched in 2019, reports it has already raised $81 million. Wha…

AppOmni Raises $10 Million in Series A Funding Led by ClearSky (Yahoo) AppOmni announces $10 million Series A funding round

Google paid $6.5m in bug bounties in 2019 (Computing) Google paid one security researcher $201,337 in the biggest single bug bounty reward in 2019

Tenable founders Ron and Cyndi Gula launching new pitch competition (Baltimore Business Journal) The new competition will offer a grand prize of a $150,000 investment to a promising, growing cyber startup.

STEALTHbits Enters 2020 With an Expanded Sales Team and Aggressive Growth Plans (STEALTHbits) STEALTHbits Technologies, Inc., a cybersecurity software company focused on protecting an organization’s sensitive data and the credentials attackers use to steal that data, has finished 2019 strong and is positioned for continued growth in 2020 due to the build ou...

Netsurion Announces Significant Channel Partner Expansion (Globe Newswire) Netsurion, a leading provider of managed network connectivity, security and compliance solutions in the SMB cybersecurity market announced rapid growth in its base of partners, with plans to continue emphasis of enabling partners to sell cybersecurity solutions in 2020.

Facebook's First Human Rights Chief Confronts Its Past Sins (Yahoo) In July, Facebook Inc. quietly hired Miranda Sissons, a 49-year old human rights activist whose previous work has included stints at the Australian diplomatic service and the International Center for Transitional Justice. The hiring, which was never formally announced, is part of a broader

Jay Parikh (Facebook) I have some bittersweet news to share. It’s time for me to step out of Facebook to explore what’s next. The past 10 years has undoubtedly redefined my expectations on what it means to scale and...

SentinelOne snags Palo Alto VP to lead European growth (CRN) Cybersecurity vendor claims to have tripled its EMEA business over the last six months

ForgeRock appoints David Hope as SVP of Asia-Pacific and Japan (Globe Newswire) Executive with 20+ years of enterprise IT leadership experience joins to accelerate regional growth

Products, Services, and Solutions

Blue Ridge Networks Announces Next Generation of LinkGuard: Highly Scalable, Faster Performance, Automated Provisioning (PR Newswire) Blue Ridge Networks today launched the next generation of LinkGuard, the preventative cybersecurity solution that seamlessly conceals and...

Data Privacy Day: Protect Your People (Tessian) Businesses need to consider whether their company's most sensative data is properly protected from incidents of human error and Data Privacy Day (28 January) acts as a timely reminder to do this.

Cequence Security Launches CQ botDefense SaaS (BusinessWire) Cequence CQ botDefense now available on AWS Marketplace; PCI-compliant SaaS option protects public-facing applications from automated bot attacks

Meraki’s Air Marshal Gets Help from a New WIPS Sheriff (Secplicity - Security Simplified) Wi-Fi hacking is a hot topic, but one that’s plagued by ambiguous and often contradictory technical terminology. Luckily, the lack of common definitions for Wi-Fi threat vectors has actually produced a solution to the problem: the Trusted Wireless Environment. The Trusted Wireless Environment framework succinctly defines the six Layer 2 Wi-Fi hacks that affect nearly …

Tripwire and Eaton Technology Partnerships Strengthens Cybersecurity Compliance for US Utilities (Tripwire) Integrating Tripwire Enterprise for Industrial Devices and Eaton’s IED Manager Suite strengthens security for energy utilities

Use These Antivirus and Anti-Malware Apps Instead of Avast (Lifehacker) If something is free—especially if it’s a complicated something, or something you’d probably have to pay for otherwise—the familiar saying is often true: You’re the product. It’s one of the reasons you’re always being advertised to across the web. Search engines, email services, messaging platforms, or other apps and services you fancy cost money, and companies have to recoup that somehow (and profit).

Technologies, Techniques, and Standards

Analysis | The Cybersecurity 202: DNC heads to Iowa to help protect caucuses from digital attacks and disinformation (Washington Post) It will be the biggest security challenge since 2016.

5 ways to be a bit safer this Data Privacy Day (Naked Security) Here are 5 things you can start doing today for your own and for everyone else’s online good!

Data Privacy Day: Gaining and maintaining trust is key for data defenders (SC Magazine) Building & ensuring trust are recurrent themes from our commentators, which also include education, awareness, going beyond compliance, implementing best practice, & a host of other concerns.

How Do I Love Thee, Data Privacy? Let Me Count The Ways (Forbes) A roundup of Data Privacy Day insight and recommendations from cybersecurity professionals and executives who work to protect data every day of the year.

Journey to the centre of IT - What Jules Verne can teach security teams today (Computing) Getting a central view of everything you have, even when it is distributed, will help navigate threats and risks

What 'Have I been Pwned?' taught DHS’s internal cyber chief about passwords - CyberScoop (CyberScoop) A website that informs users if their email address has been swept up in a data breach isn’t just popular with vigilant business owners or private security sleuths. The man charged with protecting the Department of Homeland Security’s systems from hackers also maintains an account on the “Have I been Pwned?” website, and it regularly reminds him of the risks passwords pose.

Design and Innovation

RiskSense working on AI to predict if vulnerabilities will turn into ransomware (ZDNet) RiskSense, a firm long at the forefront of warning about new threats, unveiled a dashboard on Tuesday to tell CSOs their level of risk of exploit from vulnerabilities. Next stop, says CEO Srinivas Mukkamala, are machine learning analyses that may be able to accurately predict when an exploit will be developed for any given vulnerability.

Research and Development

Ben-Gurion University Researchers Introduce the First All-Optical, Stealth Data Encryption Technology (PR Newswire) BGN Technologies, the technology transfer company of Ben-Gurion University (BGU) of the Negev, Israel, introduced the first all-optical...

Academia

Regis University Hosts Cyber Summit After Ransomware Attack (CBS Denver) Denver's Regis University acknowledges it paid a ransom to get its computer system back up and running.

Legislation, Policy and Regulation

EU follows UK approach to limiting but allowing Huawei involvement in 5G development (SC Magazine) EU announces guidelines that its 2 member countries can restrict or ban high-risk 5G vendors from core parts of their telecoms networks, and are advised to use multiple suppliers, following UK lead.

UK Press on with 5G & Huawei, But Place a Cap on Traffic, Equipment (E&E Times) The long-awaited UK government decision paves way for Huawei equipment in the country’s 5G networks. It limits it to non-critical parts of the network, while limiting how much equipment can be used.

Britain, resisting U.S. pressure, to allow some Huawei equipment in 5G networks (Washington Post) The British government announced Tuesday that it plans to allow the Chinese telecom giant Huawei to build "non-core" infrastructure for the country's coming super-fast 5G network, although the company may be designated a "high-risk vendor" with a capped market share.

Huawei granted 'limited' role in UK 5G and fibre network roll-outs (Computing) Government decides to allow Huawei to supply non-core 5G equipment

Analysis | Boris Johnson Chooses Huawei Expediency (Washington Post) Prime Minister Boris Johnson seems to have weighed speed and cost in his decision to let ‘high-risk vendors’ maintain a foot in the 5G market.

()

U.S. to keep pressing U.K. to drive Huawei from networks, official says (POLITICO) British Prime Minister Boris Johnson chose the middle ground between entirely embracing or banning Huawei.

Why Britain’s Huawei decision frustrated lawmakers (Fifth Domain) The decision by United Kingdom officials to allow Chinese telecom company Huawei to build parts of the country’s 5G network was met with ire from members of Congress Jan. 28.

Lawmakers warn US, UK intel sharing at risk after Huawei decision (TheHill) Lawmakers on Tuesday blasted the British government's decision to allow controversial Chinese telecom firm Huawei to help build its 5G networks, warning that the decision could threaten the long-standing intelligence sharing agreement between the

How will US react as UK allows Huawei to help build UK 5G - with restrictions? (SC Magazine) The government today confirmed that it will allow Chinese manufacturer Huawei to help build the country’s 5G network - with restrictions - in defiance of US objections,

Why the U.S. objects to Huawei's involvement in building 5G networks (PBS NewsHour) The United Kingdom says it will allow Chinese telecommunications firm Huawei to build part of its new 5G cellular network. The U.S. government had warned against the move, arguing Huawei poses a national security threat, but British officials said the company’s role will be limited to lower-risk parts of the process. William Brangham talks to Wired Magazine’s Garrett Graff about the details.

()

Is it time for a national Digital Bill of Rights? (FCW) A Commission on Privacy and Data should be created to develop legislation, taking the EU's General Data Protection Regulation and the California Consumer Privacy Act as a starting point to extend protections to individuals regarding data and privacy.

Bernie Sanders Thinks Companies That Sell Your Browser History Are ‘Trampling Over the Rights of Consumers’ (Vice) "No reasonable person would expect antivirus software to be selling off their private browsing data to the highest bidder."

New cybersecurity standards for contractors could be finalized this week (Fifth Domain) CMMC is set to be finalized Friday, Jan. 31.

Litigation, Investigation, and Enforcement

There's no evidence the Saudis hacked Jeff Bezos's iPhone (Errata Security) There's no evidence the Saudis hacked Jeff Bezos's iPhone. This is the conclusion of the all the independent experts who have reviewed the...

Bitcoin Has Lost Steam. But Criminals Still Love It. (New York Times) The police hoped that taking down online black markets would chase away criminals. But the amount of Bitcoin spent on illegal purposes has reached a new high.

Facial recognition firm sued for scraping 3 billion faceprints (Naked Security) A potential class action says Clearview AI is breaking biometrics privacy law by ransacking social media so police can match photos with IDs.

Russian Cybercrime Boss Burkov Pleads Guilty (KrebsOnSecurity) Aleksei Burkov, an ultra-connected Russian hacker once described as “an asset of supreme importance” to Moscow, has pleaded guilty in a U.S. court to running a site that sold stolen payment card data and to administering a highly secretive crime forum that counted among its members some of the most elite Russian cybercrooks.

Qualcomm Antitrust Case Raises Far-Reaching National Security Concerns (Forbes) If the antitrust standard set by the district court is upheld, U.S. security could be undermined.

()

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

CPX 360 New Orleans (New Orleans, Lousiana, USA, January 27 - 29, 2020) Mark your calendar now for CPX 360 2020, the world’s premiere cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable business strategies that will help take your cyber security to the next level.

SINET: Global Cybersecurity Innovation Summit (London, England, UK, January 30, 2020) Advancing global collaboration and innovation, SINET convenes a summit of international cybersecurity leaders at the British Museum. The conference will bring together innovators, investors, researchers, and practitioners to form an ecosystem where personal contact fosters a climate in which disruptive solutions to hard challenges can emerge.

CPX 360 Vienna (Vienna, Austria, February 4 - 6, 2020) At CPX 360, you’ll gain an in-depth understanding of today’s dynamic threat landscape and the emerging challenges within cyber security. Get a look at the next wave of Check Point innovation and discover how our consolidated security architecture is creating long-term strategic advantages.

5th Annual Atlanta Cyber Security Summit (Atlanta, Georgia, USA, February 5, 2020) C-Suite & Senior Level Executives: Register with Promo Code CYBERWIRE95 to receive $95 Admission (Standard Price is $350). Learn from renowned experts from The FBI, U.S. Secret Service, U.S. Dept. of Homeland Security, Google, IBM, Verizon, and more about the latest threats facing your company.

Suits & Spooks, 10th Anniversary: Taking Ownership of the Future of our Security (Washington, DC, USA, February 6 - 7, 2020) Suits & Spooks DC is the only international security summit where the attendees and speakers engage in discussion and debate of cyber/physical security challenges over the course of two days. World-class speakers will describe their vision of future threats and leading edge companies will exhibit novel solutions. Our attendees come from the public and private sectors of U.S. and allied countries, and the networking is second to none.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.