Our new subscription program, CyberWire Pro, launched last week. Cyber security professionals and all others who want to stay abreast of this rapidly evolving field, will find that CyberWire Pro is a premium news service that will save you time and keep you informed.
More Signal. Less Noise.
Get your copy of the definitive guide to threat intelligence.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
EU power grid coordinator business network hacked. Cablegate report declassified. Hung jury in Vault 7 case. Arrest over DEER.IO, crook vs. crook.
Announcements
CyberWire Pro is now here
Summary
The European Network of Transmission System Operators for Electricity (ENTSO-E), which coordinates European electrical power markets, disclosed that it suffered "a successful cyber intrusion" into its business systems. CyberScoop says power generation and distribution are unaffected by the incident.
The National Security Archive has released US Cyber Command's declassified assessment of the damage done by the 2010 WikiLeaks' publication of sensitive State Department cables. The National Security Archive summarizes the report as "suggest[ing] that illegal release of classified State Department cables in 2010 led to a period in which the U.S. government was hindered in its ability to track the activities of at least one of the most sophisticated APTs operating on the geopolitical stage."
The trial of former CIA employee Joshua Schulte on charges connected to WikiLeaks' Vault 7 ended in New York yesterday with convictions on the minor counts of perjury and contempt, but with a hung jury on the eight far more serious charges of improperly disclosing classified information. The Washington Post says the Government will probably seek a retrial. A conference on March 26th is expected to outline the next steps.
US authorities have arrested Kiril Viktorovich Firsov on charges related to his alleged operation of the DEER[.]IO black market souk, ZDNet reports.
Cybereason researchers observe criminals hacking criminals, infecting rivals' hacking tools with njRAT.
Another test of US election security comes today, as five states (Idaho, Michigan, Mississippi, Missouri, and Washington) hold primaries and one (North Dakota) holds a firehouse caucus. NBC has a summary.
Notes.
Today's issue includes events affecting Australia, Canada, China, European Union, Iran, Russia, United Kingdom, United States, and Vietnam.
Bring your own context.
CIA, but not the kind they have down at Langley.
"One of the concepts we talk to our clients about is the CIA Triad. Looking at risk from a cyber perspective in terms of confidentiality of information, the integrity of the organization and the availability of services and products that the organization may be taking to market. Using this lens to better understand cyber risk is a concept we talk to our execs about all the time. Thinking about what's going on in the market in, let's say, ransomware, how does that impact the availability of those products and services to customers of that organization? Looking at data loss and PII and what that impact would be on terms - in terms of confidentiality, those are the things that we try to educate execs and board members on in terms of looking at risk, in terms of the confidentiality, integrity and availability of services that they offer to their clients. Teaching executives about the CIA Triad, making sure that they have a good foundational understanding and provide cyber risk reports broken down by confidentiality, integrity and availability, and being able to track security metrics through that CIA Triad lens."
—Thomas Etheridge, VP of services at CrowdStrike, on the CyberWire Daily Podcast, 3.6.20.
And a triad, but not, you know, the secret society kind of Triad.
Georgetown University Part-Time Master's in Cybersecurity Risk Management
Looking to advance your cybersecurity career? Check out Georgetown University's graduate program in Cybersecurity Risk Management. Ideal for working professionals, our program offers flexible options to take classes online, on campus, or through a combination of both—so you don’t have to interrupt your career to earn your degree. You'll leave the program with the expertise you need to effectively manage risks and navigate today’s increasingly complex cyber threats. Learn more.
On the Podcast
In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin updates us on the ClearView AI affair and its implications for privacy law. Our Guest is Kathleen Kuczma from Recorded Future, with a review of the 2019 Top Vulnerabilities List.
And speaking of Recorded Future, their podcast, produced in partnership with the CyberWire, is up. In this episode, "A Nuanced Approach to MSSP and MDR Services," they offer a moment of clarity concerning MSSP and MDR services. MSSP stands for "managed security service provider," and MDR is "managed detection and response." Their expert guest this week will help sort out the sometimes subtle differences between the two. Sean Blenkhorn is chief product officer at eSentire, and he shares his insights on modern threat hunting and how threat intelligence can enhance those capabilities.
Sponsored Events
"I love security agents!" Said no one, ever. (Online, Mar 13, 2020) Register today for Orca Security's March 13 webinar, Two CISOs explain why if you're using scanners or agents to secure AWS, Azure, and GCP, then you're doing it wrong. It's time for a BIG CHANGE.
Selected Reading
Cyber Attacks, Threats, and Vulnerabilities
Spying concerns raised over Iran's official COVID-19 detection app (ZDNet) Google removes Iran's official COVID-19 detection app from the Play Store.
Hackers breached administrative IT systems of European power grid organisation (Computing) ENTSO-E's members include 42 electric transmission industry operators across 35 European countries
European power grid organization says its IT network was hacked (CyberScoop) ENTSO-E, which ensures coordination of European electricity markets said Monday that its IT network had been compromised in a “cyber intrusion.”
Secret document says cable leak hurt tracking of foreign hackers (TechCrunch) The previously unseen 'secret' document reveals a rare link between the 2010 leak diplomatic cables and the China hacks against Google.
Leaked Cables Offer Raw Look at U.S. Diplomacy (New York Times) A trove of State Department cables, obtained by WikiLeaks, offers a look at bargaining by embassies, candid views of foreign leaders and assessments of threats.
USCYBERCOM: Cable-Gate Hindered U.S. Tracking of APT Intrusions (National Security Archive) A USCYBERCOM Fusion Cell assigned to evaluate the impact of the 2010 WikiLeaks release of classified Department of State cables determined that information in the cables revealed U.S. intelligence on
Secret-sharing app Whisper left users’ locations, fetishes exposed on the Web (Washington Post) Hundreds of millions of users’ intimate messages, tied to their locations, were publicly viewable until after the company was contacted by The Washington Post.
IQY files and Paradise Ransomware (Lastline) Perhaps one of the less known of the weaponizable Microsoft Office file formats, IQY files, provide attackers with a simple way to infiltrate a network. We have intercepted a campaign that leverages this file type to deliver a new variant of the Paradise ransomware.
A hacker says hackers are hacking hackers in new hacking campaign (TechCrunch) A newly discovered malware campaign suggests that hackers have themselves become the targets of other hackers, who are infecting and repackaging popular hacking tools with malware. Cybereason’s Amit Serper found that the attackers in this years-long campaign are taking existing hacking tools …
Years-long campaign targets hackers through trojanized hacking tools (ZDNet) A group believed to reside in Vietnam has been hacking other hackers for years.
Who's Hacking the Hackers: No Honor Among Thieves (Cybereason) Cybereason Nocturnus is investigating a campaign where attackers are trojanizing multiple hacking tools with njRat, allowing the attackers to completely take over the victim’s machine.
It’s not a breach… it’s just that someone else has your data (Naked Security) If you lose someone’s data because of a configuration blunder that lets crooks in without any actual hacking… is that a “breach” or not?
Russian malware cripples some Durham city and county systems. City is investigating (Raleigh News & Observer) A malware attack hit the IT systems of the city of Durham and Durham County on Friday, the city and county announced Sunday.
Scammers Use Coronavirus Map To Spread Malware (Silicon UK) Scammers are using fear around the coronavirus epidemic to spread malware via malicious email attachments, phishing messages and even a virus map
Bogus HIV test results are the latest lures used by cybercrooks (CyberScoop) It’s open season for hackers who prey on public health fears to try to dupe people into installing malware. As phishing attempts related to the novel coronavirus surged in late January, another health-related scam was kicking off.
Malware Spread as Nude Extortion Pics of Friend's Girlfriend (BleepingComputer) Attackers have recently warped sextortion scams into baits used to infect their targets with Raccoon information stealer malware designed to help steal credentials, credit card information, desktop cryptocurrency wallets, and more.
Cyberattackers are delivering malware by using links from whitelisted sites (TechRepublic) Legitimate-looking links from OneDrive, Google Drive, iCloud, and Dropbox slip by standard security measures.
99% of compromised Microsoft enterprise accounts lack MFA (Naked Security) Cybercriminals compromise over a million Microsoft enterprise accounts each month as too few customers use multi-factor authentication.
Top VPN software had a major security flaw (TechRadar) Vulnerability discovered during HackerOne session
Surveillance Firm Banjo Used a Secret Company and Fake Apps to Scrape Social Media (Vice) One former employee said the secret company called Pink Unicorn Labs was doing the same thing as Cambridge Analytica, "but more nefariously, arguably."
Vulnerability Summary for the Week of March 2, 2020 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Facebook refuses to ban fake Biden video that makes it look like he's endorsing Trump (CNBC) The video, posted by White House social media director Dan Scavino, was edited to show Biden endorsing Trump for reelection. Facebook has since labeled it as "partly false information."
UK officials fight back after cyber-attack (WKYT) The University planned a network outage early Sunday morning. President Eli Capilouto later sent an email to students and faculty to outline the threat and explain how it was handled.
University of Kentucky's system network reboots after cyber attack (WKYT) Officials say the attack started in early February from outside of the United States.
Bainbridge park district hit by cyber attack (Bainbridge Island Review) Databases that contained the employee and financial records for the Bainbridge Island Metropolitan Park &Recreation District were destroyed by an internet hacker in late February, and the extensive cyber attack has left district officials writing hand-written checks to workers and vendors.
Security Patches, Mitigations, and Software Updates
Microsoft: Turn off Memory Integrity if it’s causing problems (Naked Security) Microsoft has finally clarified how users can fix a Windows security measure that has been causing hardware problems: turn it off.
Cyber Trends
2020 SaaS Trends (Blissfully) Every year at Blissfully we do a deep dive into SaaS spend and adoption trends. In 2020, we analyzed 10 years of data from over 1,000 companies.
RSA 2020 Conference Recap (Bricata) Automation and orchestration, cloud security, AI/ML and the human side of security dominate conversations at RSA 2020.
Combatting Complexity by Focusing on Fundamentals: New Study from Axon (PRWeb) Despite having hundreds of tools at their disposal, IT and security teams are rapidly losing sight of their asset landscape. That’s the finding from a new survey f
2020 Asset Management Trends: As IT Complexity Increases, Visibility Plummets (Axonius) Read this ESG eBook commissioned by Axonius on the increasingly complex IT landscape & lack of visibility across cloud, mobile & IoT environments.
The Cybercrime Pandemic Keeps Spreading (Dark Reading) The World Economic Forum says cyberattacks will be one of the top global business risks over the next 10 years.
Over 75% of US households will be at risk to get hacked via voice assistants by 2025 (Atlas VPN) Recent Atlas VPN findings show that voice assistants can get hacked by using ultrasonic waves to imitate voice commands. Ultrasonic waves do not make a sound, which means that the device can get hacked without alerting the owner. In addition, scientists can imitate voice commands using lasers. Lasers trigger movements in the microphone’s diaphragm, and …
Mimecast Research: 90 Percent of Healthcare Organizations Hit with an Email-Borne Attack in the Past Year (Globe Newswire) Report Highlights Latest U.S. Healthcare Email Security Attacks and Need for More Effective Employee Awareness Training
Ransomware Gangs Hit Larger Targets, Seeking Bigger Paydays (Data Breach Today) Targeted ransomware attacks continue to increase as gangs seek to obtain bigger ransom payoffs by hitting larger targets, aided by a cybercrime services economy
6 Cybersecurity Trends Worth Looking at in 2020: Blockchain Is on the List (The Daily Hodl) If 2019 has taught us anything about cybersecurity, it is that cyber-attacks are the reality of our times, hardware
Marketplace
CIA funnels cash to private company aimed at defeating Huawei (The Washington Times) The CIA isn’t waiting while the White House, Congress, the Justice Department and the Pentagon squabble over the best approach to combating Huawei’s domination of the future 5G wireless network.
Surge in Sanctions Lifts Compliance Services (Wall Street Journal) A surge in economic sanctions and a tangled web of international blacklists are overwhelming in-house compliance staffs and lifting the ledgers of third-party compliance services.
Netsurion Teams with Restaurant Technology Network to Advance Cybersecurity and PCI Compliance for Restaurants (Globe Newsire) Netsurion, a leading managed cybersecurity service provider, today announced it has joined the Restaurant Technology Network, a membership community solely dedicated to the restaurant industry.
Ntrepid Named Winner of Prestigious Cybersecurity Excellence Award (Businesswire) Ntrepid LLC announces their acceptance of the Advanced Persistent Threat Protection Silver award from the 2020 Cybersecurity Excellence Awards.
Former EverWatch CFO Diane Nguyen Joins SAIC as Finance VP (GovCon Wire) Diane Nguyen, former chief financial officer of EverWatch, has joined Science Applications Internati
Authoriti Selects Paul Alexandre as its Vice President of Sales (Globe Newswire) 30-year tech veteran brings experience in identity management, security and cloud; Now building Authoriti’s sales organization
Products, Services, and Solutions
OPAQ Achieves SOC 2 Type II Certification (Yahoo) SOC 2 Type II certification demonstrates the OPAQ cloud meets and exceeds the strictest industry standards for security and trust controls.
Verizon expands security portfolio with new solutions to combat cybercrime (IT Brief) Now, more than ever, organisations need to be thinking differently about security, and leveraging cutting edge technology to help mitigate against cybercrime.
AT&T, Palo Alto Networks, Broadcom collaborate to create Disaggregated Scalable Firewall framework (Telecompaper) AT&T, Palo Alto Networks and Broadcom collaborated to create the Disaggregated Scalable Firewall (DSFW) framework. This is an expansion to the Distributed Disaggregated Chassis (DDC) recently contributed to the Open Compute Project (OCP). DSFW will enable network operators to deploy firewalls as software-based platforms rather than hardware appliances.
NEC X and VACO Partner on AI/ML Solution, Enabling Enterprises to Accelerate Most Challenging Data Compliance Behind Own Firewalls at 10x Lower CAPEX (Globe Newswire) Complete Reference Design and Consulting Services Combine NEC’s SX-Aurora TSUBASA™ AI Platform and VACO’s Best in Class Technology Consulting and Cognitive Computing Framework® for PII Redaction
Cipherloc Corporation Introduces New QuantaNova (TM) Division and New QuantaNova.com Website (Benzinga) QuantaNova™ will be the new home of patented, certified encryption technology
The ZEROSPAM solution now includes the Bitdefender world class threat protection technology #39593 (New Kerala) Business World: The ZEROSPAM solution now includes the Bitdefender world class threat protection technology - MONTREAL: ZEROSPAM and Bitdefender are proud to announce a new Technology Licensing partnership that adds the Bitdefender world class threat protection technology to all instances of the ZEROSPAM cloud email security solution as of January 15th, 2020.
Recorded Future Awarded Threat Intelligence Contract for Accelerated Security With U.S. Cyber Command #39283 (New Kerala) United States News: Recorded Future Awarded Threat Intelligence Contract for Accelerated Security With U.S. Cyber Command - BOSTON: Recorded Future, the global leader in security intelligence, today announced it has been awarded a Production-Other Transaction Agreement P-OTA contract facilitated by the Defense Innovation Unit DIU for threat intelligence, paving the way for the company to provide real-time threat analysis
Technologies, Techniques, and Standards
The top-ten tenets of software quality assurance, part three: the formal review (Computing) Formal reviews are often left by the wayside, but without them annoying defects can become crippling bugs, warns Mark Wilson
Why Your Biometrics Are Your Best Password (Forbes) Passwordless authentication ensures that login credentials are unique across every website, never stored on a server, and never leave the user’s device.
Why more companies should follow Microsoft In collaborating on cyber-security (SC Magazine) Last July Microsoft joined the Linux Distribution Security Contacts List. This strategic move is intended to allow it to better address the myriad security challenges of its software products. Should you follow?
Banks engage in self-hacks to keep defenses sharp (Banking Dive) Enlisting teams of hackers to look for vulnerabilities helps banks take their security efforts beyond scanning software.
Design and Innovation
Smart grid security and defensive military architecture of the middle-ages; an interesting comparison (Smart Energy International) Why are our castles now just romantic ruins? Part of the answer is gunpowder and the eventual victory of the iron projectile over stone walls.
Legislation, Policy and Regulation
The Pentagon’s General Counsel on the Law of Military Operations in Cyberspace (Lawfare) Last week, the Defense Department’s general counsel gave a speech setting forth the department’s current position on the laws applicable to military operations in cyberspace. Here’s what you need to know.
Huawei's Australian 5G Ambitions Are Dead (Gizmodo Australia) In 2018 the Turnbull government announced Chinese vendors would be banned from supplying technology to 5G networks in Australia. While no companies were specifically named, it was clear Huawei and ZTE were the primary targets. Over the following 18 months Huawei was vocal about its belief this was a mistake. But now...
Top U.S. envoy presses Canada over Huawei role in 5G network: officials (Reuters) A senior U.S. envoy on Monday pressed Canada about Ottawa's forthcoming dec...
Trump’s top 5G adviser in Canada as officials still mulling Huawei decision (Global News) The U.S. deems the Chinese tech giant a national-security threat.
Huawei: government tries to head off Tory 5G network rebellion (the Guardian) Tory doubters invited to meeting with senior security expert in effort to allay fears
The Head of U.S. Counterintelligence Hoists the Red Flag (Security Info Watch) William Evanina warns the nation’s CSOs and technology vendors that China’s plan of global domination is real and the security threats constant
Cyber Command doubled its contract spending in the past year (Fifth Domain) U.S. Cyber Command more than doubled the amount of money it issued in defense contracts between fiscal years 2018 and 2019, according to figures provided in written testimony to Congress.
Moving the Flock Into Cybersecurity (SIGNAL Magazine) Air Force CROWS organization injects cyber resiliency into the service’s acquisition processes, training and weapons systems.
Now you need a notarized document to get a .gov domain (Naked Security) The US government is tightening its rules around the registration of government web domains to stop fraudsters impersonating government sites.
Acting intelligence chief will not brief lawmakers on election security despite expectation he was coming (CNN) Acting Director of National Intelligence Richard Grenell said late Monday he will not be briefing lawmakers on Tuesday about election security despite being expected on Capitol Hill by members of Congress to be on the panel of the country's most senior national security officials.
Trump's intel power play spooks the spooks (POLITICO) The CIA never welcomed its overlords in the Office of the Director of National Intelligence. But now, the agency confronts its worst nightmare.
Analysis | The Cybersecurity 202: Intelligence community faces an uphill battle combating leaks after mistrial in Schulte case (Washington Post) Jurors failed to convict the accused CIA leaker on most charges.
Analysis | The Cybersecurity 202: Senate bill sparks open war over encryption (Washington Post) Lawmakers launched the most serious challenge in decades to the digital protection.
HHS introduces new rules to give patients more control over their health data (TheHill) The Department of Health and Human Services (HHS) introduced two new rules on Monday that are aimed at giving patients more secure access to and control over their health data.
Home Office Inches Closer to Unified Crime Data Lake (Computer Business Review) The Home Office has inched closer to creating a unified crime data lake hosted in the public cloud - with the launch of a £3 million cybersecurity tender.
New York May Ban Ransomware Payments from Municipalities (Technology Solutions That Drive Government) Bills proposed in the state’s legislature would prohibit local governments from complying with hackers’ demands for payments.
Litigation, Investigation, and Enforcement
Split Verdict Given for CIA Programmer Charged in Massive Leak (Wall Street Journal) Jury finds Joshua Schulte guilty of false statements and contempt of court but deadlocks on whether he actually gave information to WikiLeaks
Jury in CIA leaks case fails to reach a verdict on most serious charges (Washington Post) Jurors in New York said they were “extremely deadlocked” on whether Joshua Schulte gave classified hacking tools to WikiLeaks.
Trial of Programmer Accused in C.I.A. Leak Ends in Hung Jury (New York Times) The judge declared a mistrial on the most serious charges against Joshua Schulte, who was accused of giving secret documents to WikiLeaks.
Jury in CIA leaks case fails to reach a verdict on most serious charges (BostonGlobe) Officials had called the case the biggest leak of classified information in the intelligence agency’s history.
Minor convictions for ex-CIA coder in hacking tools case (POLITICO) Joshua Schulte was convicted by a jury of contempt of court and making false statements after a four-week trial in Manhattan federal court.
WSJ News Exclusive | AT&T Cooperates With Justice Department in Google Probe (Wall Street Journal) The telecommunications giant has conferred several times with Justice Department officials in their antitrust investigation, two years after the company was at loggerheads with the department over its Time Warner acquisition.
Spyware maker NSO runs scared from Facebook over WhatsApp hacking charges, fails to show up in court (Register) Meanwhile, Broadcom and Symantec have merger woes
NSO Group works to explain no-show in court for WhatsApp suit, plots defense (CyberScoop) Israeli spyware company NSO Group has asked a U.S. District Court for a 120-day extension to reply to WhatsApp’s lawsuit.
FBI arrests Russian behind Deer.io, a Shopify-like platform for cybercrime (ZDNet) Feds say Deer.io has been hosting hundreds of online shops where hackers are selling hacked accounts.
Talkspace threatens to sue a researcher over bug report (TechCrunch) The therapy app sent the security researcher a cease and desist letter for his blog post describing a website bug.
Hacker Stole Teacher’s Identity, Impersonated Kenny Chesney to Break Into Celeb Emails: Feds (The Daily Beast) The suspect even allegedly impersonated Kenny Chesney to wheedle nude photos out of victims.
Industry Events
upcoming Events
Techno Security & Digital Forensics Conference (San Diego, California, USA, Mar 9 - 11, 2020) Techno Security & Digital Forensics Conference provides a unique education experience that blends together the digital forensics and cybersecurity industries for collaboration between government and private sectors. The purpose is to raise international awareness of developments, teaching, training, responsibilities, and ethics in the field of IT security and digital forensics. Educational sessions cover topics within the following primary tracks from which CPE credits can be earned: Audit/Risk Management, Forensics, Investigations, Information Security, and Sponsor Demos. Learn from industry experts, connect with leading suppliers, and discover the latest innovations in cybersecurity and digital forensics.
InfoSec Connect 2020 (San Diego, California, USA, Mar 15 - 17, 2020) InfoSec Connect is a high profile, interactive meeting of senior-level cybersecurity leaders from top credit unions, US banks, insurances, and financial services companies. It’s a forum built to share detailed discussions, source solutions/services from leading providers, and gain valuable insights on improving strategy. It covers discovering cutting-edge security approaches and managing risk in the ever-changing threat of the cybersecurity workforce.
SecureWorld Philadelphia (King of Prussia, Pennsylvania, USA, Mar 18 - 19, 2020) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and collaboration. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.
National Cyber League (NCL) Spring Season (Various locations, Mar 19 - May 15, 2020) The National Cyber League (NCL) is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Individual Game and Team Game. NCL allows players of all levels to enter. Between easy, medium and hard challenges, students have multiple opportunities to really shine in areas as they excel. Registration for the Spring Season closes March 20, 2020.
Inaugural Tampa Cyber Security Summit (Tampa, Florida, USA, Mar 20, 2020) C-Suite & Senior Level Executives: Register with Promo Code CYBERWIRE95 to receive $95 Admission (Standard Price is $350). Learn from renowned experts from the U.S. Dept. of Homeland Security, the U.S. Dept. of Justice, Darktrace, ExtraHop and more about the latest threats facing your company.
Sponsor & Support
Grow your brand, generate leads, and fill your funnel.
With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.