The news as it’s developed over the weekend centers on heightened tension between the US and Iran in the wake of attacks against US forces in Iran and the US retaliation that killed Iranian Major General Suleimani. Iran has promised retribution, and many believe that such retribution is likely to include a heavy cyber component. The Washington Post has a summary of such predictions, and Fifth Domain offers an account of what Iranian cyber campaigns might look like.
That’s also the official view of the US Department of Homeland Security. Cybersecurity and Infrastructure Security Agency Director Krebs tweeted a warning and a recommendation that enterprises brush up on Iranian cyber tactics, techniques, and procedures: “pay close attention to your critical systems, particularly ICS.”
A great deal of Twitter traffic associated with Tehran has organized itself around the pre-existing hashtags #HardRevenge and #DeathToAmerica, as CyberScoop, citing Atlantic Council studies, reports.
There’s also been one minor attack on a US Government website that would seem to represent the work of either Tehran’s operators or of patriotic hacktivists aligned with Iran. The website of the US Federal Depository Library Program was defaced with Iranian messaging, Forbes and others report. The Department of Homeland Security is investigating. The affected site was probably a target of opportunity, hacked because it was hackable.
The Wall Street Journal says that Britain’s GCHQ is investigating the possibility that a London Stock Exchange outage in August, regarded as an accidental glitch, may have in fact been a cyber attack.
Today's issue includes events affecting Australia, Austria, Canada, China, Iraq, Iran, NATO/OTAN, Qatar, Russia, United Kingdom, United States.
Bring your own context.
Artificial intelligence and machine learning are things almost all security companies talk about. What's the current state of play, buzzwords aside?
"So backing up around two to five years ago in cybersecurity, most applications of AI have been antivirus-driven: machine learning models that have been put in place specifically to recognize malicious code patterns, to be able to recognize that, push out signatures to block those, right? That's been a traditional approach to AI. It's been a monolithic model, meaning that it's cloud-based. So it's basically one learning node where all the viruses will feed in. And you can, through that model, do the processing, and then push out some sort of decisive pattern to other organizations where those security appliances sit to be able to act on that."
So code-blocking and antivirus represent the first generation of AI. What about the second?
"What I'm seeing is basically, the second generation is extended reach to those learning-modeled nodes. So instead of just having this monolithic brain, if you will, in the cloud that's doing all the processing and that's relying on everything to input into it, we're seeing now extended reach in the second generation of AI, which is a regional learning system, right? So you have - now you have - you're basically extending the same success that you've had from machine learning models of the cloud and putting them onto on premises - so regional sites, you know, different verticals, different environments, different nodes of inspection for traffic, different types of traffic. All of this now is entering into the second generation of AI, where those regional learning nodes extend into the cloud. So now they're also collecting data and feeding the cloud based off of its learned results, right? So then the cloud model can still take that extra input from these regional brains, do some additional processing and crunching, and then distribute that out to security appliances."
And a third generation?
"In the future, I believe that we're going to get into these federated machine learning models, where you have different devices doing their own machine learning, but peer-to-peer, so talking to each other and being able to pass data so it's much quicker and then actually, you know, be able to act on that data. So it's like a regionalized response completely on premises, so more of a distributed AI as a system model. That's going to allow for a lot of fascinating cases, I think. Obviously, you'll have much quicker response, which is, by the way, incredibly important because I often talk about the weaponization of artificial intelligence, how attackers are going to be able to leverage AI to, you know, get in and out of networks much quicker."
—Derek Manky, chief of security insights and global threat alliances at Fortinet, on the CyberWire Daily Podcast, 1.3.20.
In today's Daily Podcast, out later this afternoon, we speak with our partners at the Johns Hopkins University Information Security Institute, as Joe Carrigan describes a clever defense against laptop theft.