The US watch for Iranian cyberattacks. Fancy Bear snuffles at Vienna? REvil hits unpatched Pulse VPN Servers. ToTok is back.
So far no Iranian cyber operations more serious than the defacement of the Federal Depository Library Program have come to public knowledge, and as the New York Times points out, that action amounted to picking some pretty low-hanging fruit.
But the US Government continues to assess the risk of Iranian cyberattack as high, and CISA has released a terse warning not to underestimate Tehran’s capabilities. CyberScoop reports that the Multi-State Information Sharing and Analysis Center (MS-ISAC) has also quietly warned its members to beware of Iranian cyberattacks. New York State’s Department of Financial Services has also advised the banks and other institutions it regulates that they may well receive the attentions of Iranian hackers.
The Chertoff Group outlines the likeliest forms Iranian cyberattacks might take. These include destructive “wiperware,” ransomware, distributed denial-of-service, supply chain attacks, and actions against operational technology.
More observers are willing to speculate that the recent cyber espionage incident at Austria’s Foreign Ministry was the work of Russia. The evidence is circumstantial almost to the point of being a matter of a priori probability, but the word on the street (as summarized by Infosecurity Magazine) is that it looks like the work of Fancy Bear.
Researcher Kevin Beaumont warns that REvil ransomware (also known as Sodinokibi) is exploiting unpatched Pulse Secure VPN servers to prospect larger enterprises.
Vice reports that Google has restored the widely mistrusted ToTok app, thought to be an Emirati surveillance tool, to the Play Store. ToTok denies allegations its chat app is spyware.
Today's issue includes events affecting Austria, China, Colombia, France, Germany, Iran, Israel, Netherlands, Russia, Taiwan, United Arab Emirates, United Kingdom, and United States.
Bring your own context.
People are noticing that the more features a device has, the more bugs it harbors.
"And I think it's a little bit of a trend these days where researchers and the bad guys are really looking at these perimeter devices closely. Users ask for more and more features in these perimeter devices, meaning more and more code that's not exposed at your perimeter. You have seen like, for example, that FortiGate directory-traversal vulnerability last year and a couple hours. Basically, you know, know what you ask for. When you want more features, you'll also get more bugs."
—Johannes Ullrich, dean of research at the SANS Technology Institute, on the CyberWire Daily Podcast, 1.3.20.
Is it a case of getting what you ask for, and getting it good and hard?
In today's Daily Podcast, out later this afternoon, we speak with our partners at Dragos, as Robert M. Lee takes a look back at 2019's industrial control system security issues. Our guest is Tom Tovar from AppDome, with a discussion of mobile API security.
And Recorded Future's podcast, produced in partnership with the CyberWire, is up. In this episode, "Protecting the Financial Sector Never Goes out of Style," their guest is Daniel Cuthbert. He’s the global head of cybersecurity research for Banco Santander, and he sits on both the Black Hat review board and the Black Hat training board. The conversation centers on his work in the financial industry, his unusual path to cybersecurity, and his thoughts on creative diversity. He offers his take on threat intelligence, as well as his insights on team leadership and seeking a career in security.