Offshoring trolling. COVID-19's implications for security. Out-of-band Microsoft patch. List of bad actors.
Russian trolling has been off-shored, in part at least, to operators in Ghana and Nigeria, CNN reports. It's election-season influence, and it's very much in the Russian style: disruptive and racially themed.
The COVID-19 pandemic is generating two immediate security effects. First, it's dramatically increased the incidence of telework and this, as the Washington Post and others point out, brings with it an expanded opportunity for cyberattack and a relatively unfamiliar set of security challenges. Second, both criminals and nation-state intelligence services are exploiting public concern about the pandemic to send phishing emails. ZDNet offers a summary of Russian, Chinese, and North Korean organizations using coronavirus-themed vectors to install malware in their targets. Recorded Future reports that many criminal attacks arrive as convincing spoofs of trusted sources like the World Health Organization and the US Centers for Disease Control. And ransomware gangs are hitting public health agencies at a time when their services and information are in high demand: Mother Jones describes one such attack in Illinois.
Microsoft yesterday issued an out-of-band patch for a vulnerability hinted at but not addressed on Patch Tuesday. It fixes a server remote code execution issue in the way the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests.
Reporters Without Borders has published its selection of bad cyber actors, ranging from companies to gangs, to government agencies, to intelligence services, to semi-official political units. Infosecurity Magazine notes the announcement was made in conjunction with yesterday's World Day Against Cyber-Censorship.
Today's issue includes events affecting Brazil, China, Ghana, India, Ireland, Democratic People's Republic of Korea, Russia, Ukraine, United Kingdom, and United States.
Bring your own context.
Some thoughts on changing the opposition's calculus. You're not going to reform them.
"We can't change the motives and the drives and the attacker. We can't even change what their skill sets happen to be. But what we can do is we can reduce their opportunity. We can neutralize that tendency to go from esteem to theft to conquest. We can be a very inhospitable environment for them to try to tiptoe into because we have eyes everywhere and we can see all of that. Risk and threat work in cybersecurity is a game of probabilities. What we can focus on, what we can put our attention on is lowering the probability of exploit. And the best way to do that is by seeing all those places where it could happen and mitigate any of the risks and exposures before they actually are hit. And I would just say that that's one of the things to really focus on. We can do a lot of work trying to interpret and understand an APT. We can look into nation-states, and we can imagine worst-case scenarios, but in reality, what ends up getting hit is the exposure you didn't see coming that was just opportunistically available for an attacker at the right time."
So think of deterrence through denial.