We're pleased to announce that our new subscription program, CyberWire Pro, will launch soon. For cyber security professionals and others who want to stay abreast of our rapidly evolving industry, CyberWire Pro is a premium news service that will save you time and keep you informed. Learn more and sign up to get launch updates here.
More Signal. Less Noise.
MVISION Insights: Move Beyond Intelligence to Insights that Empower You to Change Your Environment.
Harnessing the power of one billion threat sensors worldwide, McAfee designs security fueled by Insights. MVISION Insights enables you to move beyond intelligence and empowers you to change your environment. Identify with Machine Learning. Defend and correct with Deep Learning. Anticipate with Artificial Intelligence. Move your security out of reactive mode to a proactive posture. McAfee, the device-to-cloud cybersecurity company. Go to McAfee.com/insights to learn more.
Dustman wipes data in Bahrain. Disinformation from Tehran. US alerts warn of Iranian cyber threat. Lazarus Group ups its game.
Announcements
CyberWire Pro: coming soon.
Summary
Citing a report by Saudi Arabia's National Cybersecurity Authority, multiple sources report that "Dustman," a destructive Iranian cyber campaign, has hit Bapco, Bahrain's national oil company. ZDNet outlines the malware as a successor to earlier Iranian wiper campaigns, notably Shamoon. Yahoo News points out that the cyberattack hit on December 29th, 2019, the same day the US retaliated for the death of an American contractor in a rocket attack with airstrikes against Iranian proxies in Syria and Iraq.
Twitter has also suspended two accounts it found impersonating journalists, the Daily Beast reports. The accounts were disseminating "Iranian propaganda," although as usual it's difficult in such cases to distinguish a state-run operation from a hacktivist demonstration. The Telegraph argues that Iran has developed a significant online disinformation capability over recent years. While calling it a capability that rivals Russia's is surely overstated, Tehran's operators aren't contemptible.
As both the US and Iran appear to have backed away from kinetic combat, the New York Times predicts that cyber operations will become more attractive. CNN summarizes the cautions US agencies, notably the FBI and CISA, have issued concerning possible Iranian cyberattacks, and the warnings have reached a spooked and skittish audience. Consider this week's incident in Las Vegas, where local speculation turned quickly to Iran.
Kaspersky has been tracking the Lazarus Group's AppleJeus campaign, and concludes that North Korea is becoming more careful, more sophisticated, and more focused on the cryptocurrency sector as Pyongyang continues its policy of addressing financial shortfalls through cybercrime.
Notes.
Today's issue includes events affecting Australia, Bahrain, Canada, China, India, Iran, Iraq, Democratic Peoples Republic of Korea, NATO/OTAN, New Zealand, Saudi Arabia, Syria, Taiwan, United Kingdom, United States
Bring your own context.
Signs of executive buy-in with respect to industrial control system security.
"But the industrial control system community is - I think we've reached a critical turning point - or inflection point, I should say - in the industrial control system community where there is an executive-level awareness that this is going to require an actual strategy for industrial security that's different than the enterprise. And why I say that is, 2018, I did a lot of board presentations at these companies. It was very endearing. And it was exciting to see them having these conversations. But I probably did - I don't know - 15 to 20 of them. In this year, this past year, I have started to see all of the board members that - talked to board members who - network, and similar I'm seeing the CSOs have the same kind of talking points. I'm seeing an executive-level buy-in. We've always had kind of a practitioner-level awareness, but executive-level buy-in that this is something that needs to be done and can be done."
—Robert M. Lee, CEO of Dragos, on the CyberWire Daily Podcast, 1.7.20.
A healthy awareness is welcome.
A Look Back at Cybersecurity In 2019
Each year, the cybersecurity industry is bombarded with threats to be concerned about. In the beginning of 2019, we heard about threats like artificial intelligence, machine learning, and ransomware attacks that would plague cyber professionals all year long. LookingGlass threat researchers want to look back at the trends that stood out to them, and which type of threats we can expect to see in 2020. Join us January 16 at 2pm ET for our webinar.
On the Podcast
In today's Daily Podcast, out later this afternoon, we speak with our partners at Terbium Labs, as Emily Wilson shares details from their recent report, “How Fraud Stole Christmas.” Our guest is Karl Sigler from Trustwave, on the risks of continuing, at this eleventh hour, of using Windows 7.
And Hacking Humans is up. In this episode, "Ransomware is a reality," Dave has a master list of cyberbadness. Joe has some handy red flags this tax season straight from our beloved IRS. The catch of the day features an alluring proposition from someone who is probably not "Sofia". Our guest is Devon Kerr with Elastic Security Intelligence and Analytics who shares his insights about Ransomware.
Sponsored Events
Free Dragos Webinar: Introducing MITRE ATT&CK™ for ICS and Why it Matters (Online, January 14, 2020) Register today for the Jan. 14 webinar introducing the MITRE ATT&CK for ICS, a new framework that organizes and codifies the malicious threat behaviors affecting industrial control systems. Led by security experts from Dragos and MITRE, who worked together on the framework, you’ll find out how it works, why it was developed and when to apply it.
RSAC 2020 (San Francisco, California, United States, February 24 - 28, 2020) Connect to the people and ideas that matter. To your growth. To your organization. At RSAC 2020, February 24 – 28, explore current and emerging trends, gain valuable skills and network with peers. Register today!
Selected Reading
Cyber Attacks, Threats, and Vulnerabilities
Kaspersky: North Korean hackers getting more careful, targeted in financial hacks (CyberScoop) Lazarus Group is tweaking some of its malware, delivery mechanisms, and payloads to evade detection, according to Kaspersky Labs.
China Steps Up Its Information War in Taiwan (Foreign Affairs) Ahead of Saturday's election, the Chinese government has undertaken a vast information influence campaign in Taiwan.
NY Post Reporter’s Identity Hijacked to Spread Pro-Iran Propaganda (The Daily Beast) It’s one of a number of bogus accounts that spread fake news about enemies of the Iranian regime.
Iran Is Getting Ready to Blow Up A Fake Aircraft Carrier, Again (Defense One) To test weapons, try out tactics, and intimidate adversaries, Iranian forces may attack its barge-borne “carrier” as soon as March.
How Iran built an online disinformation machine to rival Russia's (The Telegraph) What do you do when when the world's most powerful country considers you an implacable enemy?
FBI, Homeland Security warn of Iranian terror and cyber threat in new intelligence bulletin (CNN) The FBI and Department of Homeland Security warned of the terror threats Iran poses to the US in a joint intelligence bulletin sent to law enforcement throughout the country on Wednesday.
Prepare For the Worst From Iran Cyber Attacks, As DHS Issues Warning: Experts (Breaking Defense) Experts warn that Iran almost certainly now has the cyber tools to inflict physical damage on US critical infrastructure.
Iran’s Military Response May Be ‘Concluded,’ but Cyberwarfare Threat Grows (New York Times) Cybersecurity experts are seeing malicious activity from pro-Iranian forces, and warning that Iran has the capacity to do real damage to American computer systems.
The US is worried about Iran retaliating with a cyberattack (Vox) Iran’s formidable cyber arsenal includes malware and DoS attacks.
Cyber threat from Iran sparks warning from CISA, ‘heightened vigilance’ from agencies (Federal News Network) Recent tension between the U.S. and Iran have given CISA an opportunity to test its cyber threat intelligence-sharing capabilities in the new year.
Iran Cyber Threat Update (McAfee Blogs) Recent political tensions in the Middle East region have led to significant speculation of increased cyber-related activities. McAfee is on a heightened
New Iranian data wiper malware hits Bapco, Bahrain's national oil company (ZDNet) Saudi Arabia's cyber-security agency spots new Dustman data-wiping malware.
Saudis warn of new destructive cyberattack that experts tie to Iran (Yahoo News - Latest News & Headlines) The Saudi authorities detected a new destructive cyberattack suspected of coming from Iran on Dec. 29, the same day the U.S. military struck targets controlled by Iranian-backed proxies in retaliation for a rocket attack that killed an American contractor the previous Friday.
Las Vegas reports experiencing ‘cyber compromise’ (StateScoop) City officials acknowledged a network security incident that may result in brief service interruptions to residents, but few other details of the event are known.
Las Vegas data breach comes amid Homeland Security warning on Iranian cyber threat (KSNV) Around 4:30 a. m. Tuesday, someone attempted to hack into the city of Las Vegas data systems. The city released the following statement to News 3: The city of Las Vegas experienced a cyber compromise at 4:30 a. m. PST Tuesday. The city’s Information Technologies Department is assessing the extent of the compromise. When aware of the attempt, the city immediately took steps to protect its data systems.
No data believed to be lost after city of Las Vegas network breach (KSNV) No data is believed to have been lost following a cyber breach of the city of Las Vegas' network, the city said Wednesday. All systems are functioning as normal after Tuesday's compromise, according to a post from the city's Twitter account. "We do not believe any data was lost from our systems and no personal data was taken," the city tweeted. "We are unclear as to who was responsible for the compromise, but we will continue to look for potential indications.
The State of Threats to Electric Entities in North America (Dragos) This blog is a summary of the Dragos North American Electric Cyber Threat Perspective. Read the full perspective here. Attacks on electric systems – like attacks on other critical infrastructure secto
Major TikTok Security Flaws Found (New York Times) The vulnerabilities, which the app says it has fixed, could have let attackers manipulate content and extract personal data.
Hackers are searching for Citrix servers vulnerable to remote code execution flaw, security researchers warn (Computing) Citrix vulnerability puts more than 80,000 organisations at risk of attack
Citrix NetScaler CVE-2019-19781: What You Need to Know (The State of Security) Craig Young would strongly advise all organizations with NetScaler/ADC to apply the mitigation immediately to avoid compromise.
Cyber criminals stalked Travelex before launching attack (The National) Secretive group has threatened to delete the company’s data unless it is paid $6m
Banks stop currency service after Travelex attack (BBC News) High Street banks say foreign currency supplies have dried up after Travelex's ransomware attack.
ICO: Travelex hasn't reported a data breach (Computing) 'The company has not reported a data breach,' ICO tells Computing, but adds that they may be required to 'explain why it wasn't reported'
Travelex Staff Go Back to Basics as Ransomware Cripples Systems (New York Times) Staff at foreign exchange firm Travelex are using pen and paper to serve thousands of customers after the company said cyber hackers were holding its systems to ransom, leading to a global blackout on its online currency exchange services.
Barclays, Lloyds, RBS and HSBC all hit by Travelex cyber attack (Mirror) An attack on Travelex has spilled over onto some of the UK's biggest banks, which relied on the firm to give customers a way to buy forign money online
College Athlete Recruiting Software Exposed Students' Medical Info, Grades (Vice) The exposed information from company Front Rush included physical evaluations, post-injury reports, and performance reviews from specific teams for particular players.
Medical Info of Roughly 50K Exposed in Minnesota Hospital Breach (BleepingComputer) The personal and medical information of 49,351 patients was exposed following a security incident involving two employees' email accounts as disclosed by Minnesota-based Alomere Health.
Vigilance Is The Best Defense To Cyber Attacks (Alomere Health News) Alomere Health understands the importance of protecting our patients’ information. On January 3, 2020, we began notifying some of our patients of an email incident that may involve portions of their information. On November 6, 2019, we learned that an unauthorized person(s) gained access to an Alomere Health employee’s email account between October 31 and …
Interpeak IPnet TCP/IP Stack (Update D) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available
Vendors: ENEA, Green Hills Software, ITRON, IP Infusion, Wind River
Equipment: OSE by ENEA, INTEGRITY RTOS by Green Hills Software, ITRON, ZebOS by IP Infusion, and VxWorks by Wind River
Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Integer Underflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Race Condition, Argument Injection, Null Pointer Dereference
Why Phishing Threatens Your Brand’s Integrity (CPO Magazine) Study shows phishing attacks have reached the highest in three years and rising in emerging regions such as Brazil and other parts of South America. Why does it threatens a brand’s integrity?
Security Patches, Mitigations, and Software Updates
TikTok Confirms ‘Severe’ SMS Security Threat: Critical New Update Released (Forbes) This new security threat highlights the cybersecurity risks associated with the world's leading social media platforms.
Mozilla patches Firefox zero-day reported by Qihoo 360 (ZDNet) Chinese security firm claims there's also an accompanying Internet Explorer zero-day.
Google's Project Zero changes disclosure policy; Infosec community debates the need (SC Magazine) Project Zero goes public 90 days after disclosing the vulnerability to the affected organisation. Now, they have added a 14-day grace period on request
Cyber Trends
2020: The Vulnerability Fujiwhara Effect - Oracle and Microsoft Collide (RBS) Whether you are working in IT or not, you’re probably familiar with Microsoft’s Monthly Patch Tuesday. Introduced in 2003, this is when the software giant releases updates and patches for its software products. As we discussed in September 2018, we have seen more and more vendors piggybacking on thi
Why Is Payment Security Compliance Declining? (PaymentsJournal) When companies are attacked, personal and financial customer information from payment card data is often the target. The Payment Card
Marketplace
Trump is in a heated fight with Iran and these stocks are benefitting from it (Yahoo) Cybersecurity stocks are rocking as the conflict between the U.S. and Iran heats up.
Rockwell Automation to Acquire Avnet to Expand Cybersecurity Expertise (BusinessWire) Rockwell Automation signed an agreement to acquire Avnet Data Security, LTD. The move expands ROK's IT/OT cyber and network expertise globally.
AvePoint lands $200M investment to expand market for Microsoft cloud governance tools (TechCrunch) While Microsoft cloud services such as SharePoint, Microsoft Teams and Office 365 are used widely by large organizations, the products don’t come standard with an enterprise-grade control layer. That’s where AvePoint, a Microsoft independent software vendor (ISV), comes in. Today, the company announced a $200 million Series C investment.
Here's why IoT security startup Armis agreed to a $1.1B buyout on its way to an IPO (Silicon Valley Business Journal) Here's how this week's $1.1 buyout of rapidly growing Palo Alto-based IoT security startup evolved in the last two months, according to co-founder and CEO Yevgeny Dibrov.
Ring Fired Employees for Watching Customer Videos (Vice) "We are aware of incidents discussed below where employees violated our policies," a letter from Ring obtained by Motherboard reads.
MasterPeace Solutions Recognized by Raytheon with EPIC Award for Excel (PRWeb) MasterPeace Solutions Ltd., a rapidly growing cyber and technology company, today announced that they have been recognized by Raytheon, a technology and inn
Products, Services, and Solutions
Smarsh Expands and Enhances Support for Voice Compliance (BusinessWire) Smarsh®, helping customers get ahead – and stay ahead – of the risk within their electronic communications, today announced the expansion of support f
IT Pro Tuesday #49 | EveryCloud (EveryCloud) Hello IT Pro, We’re asking you, our community, to help us spread the word about some of the tips and tricks you use to make you more effective at your job. Let us know by email or in the comments below, and we’ll feature them over the next few weeks. Now that we’ve got that out of the way, let’s get onto the tools we have for you this week. As usual, we have to go through the disclaimer – we have no affiliation with any of the brands listed below unless we specifically say so.
Neustar approved as initial Secure Telephone Identity Certification Authority (Neustar) Click here for Neustar's press release archives from the year . Also find media kit download and PR contact info
VPNs—Better Off With ‘Em Or Without ‘Em? (Safe-T) With ZoneZero you can adopt a Zero Trust SDP architecture without getting rid of your VPN. Safe-T’s SDP enhances VPN security by adding SDP capabilities, allowing access to applications and services only after trust has been verified.
Mocana joins forces with Siemens to secure industrial IoT (Telecompaper) Mocana entered a new partnership with Siemens Digital Industries Software to bring Mocana’s security functionalities to any Industrial Internet of Things (IIoT) devices using MindSphere, the cloud-based IoT operating system from Siemens.
BlackBerry Cylance Extends Endpoint Security to Cars (MSSP Alert) BlackBerry Cylance & Amazon Web Services (AWS) partnership extends cybersecurity to connected cars. MSSPs must track emerging IoT security opportunity.
Technologies, Techniques, and Standards
How to Spot Data Breach Warning Signs to Protect Your Business (Benzinga) NYC area retail technology expert offers 5 steps to discover data security breaches earlier to save money and protect business reputation—in a new article from eMazzanti...
Crown Prosecution Service declares 'war on disks' is almost over (Computing) The CPS has transformed the way it handles multimedia, to raise security and lower costs
For the love of OPSEC, put your phone away (Military Times) Lectures of personal electronics use and operational security continue to fall on deaf ears.
Design and Innovation
CounterFlow AI Becomes First Commercial Sponsor of the Argus Project (CounterFlow) Network visibility provider will be the first to commercially integrate Argus with its AI platform
Alleged Spy App ToTok Puts Apple in a Bind (Wired) Apple and Google both banned ToTok after reports that it was a UAE government surveillance tool. After Google reinstated it, Apple has a hard choice to make.
Facebook’s Ban on Deepfakes Is a Half-Step at Best (Medium) It’s better than nothing — but just barely
Facebook bans deepfakes, but not cheapfakes or shallowfakes (Naked Security) Quick-n-sleazy edits are still OK, such as the 75% slowdown that made Nancy Pelosi slur or the edit that turned Joe Biden into a racist.
TikTok revamps content rules, aiming to clear up which videos it allows or blocks (Washington Post) TikTok on Wednesday released a set of new, more detailed rules about the videos it permits and prohibits, seeking to respond to concerns that its policies to protect users failed to keep pace with its meteoric rise.
Twitter will put options to limit replies directly on the compose screen (The Verge) They’re inspired by Twitter’s beta app.
Ring has terminated employees for abusing access to people’s video data, Amazon tells lawmakers (Washington Post) The employees were fired after accessing users' data in a way that “exceeded what was necessary for their job functions,” an Amazon official said.
Legislation, Policy and Regulation
‘Launch, launch, launch’: Inside the Trump administration as the Iranian missiles began to fall (Washington Post) An early warning helped soldiers in Iraq take cover and gave President Trump more time to plan a response.
Iran didn’t kill anyone in missile attack, spurring hopes for de-escalation (Military Times) With no casualties, the strikes may give the U.S. an opportunity to ease tensions with Iran.
Trump says Iran is ‘standing down’ after missile attacks on US troops (Military Times) The president's remarks came the morning after Iran fired more than a dozen rockets at U.S. base housing sites in Iraq.
Iraqi Shia cleric whose militia killed American troops says crisis is over following Iran strike and Trump speech (Military Times) Muqtada al-Sadr, whose Mahdi army led a resistance against American troops following the U.S.-led invasion of Iraq in 2003, also called for restraint and patience.
Khamenei misjudges Trump and loses his leading terrorist (The Washington Times) At 80 years of age, Ali Khamenei is an old man in a hurry. The ruler of the Islamic Republic of Iran regards himself as the leader of a global revolution, one that began years before the advent of al Qaeda, that jihadi-come-lately.
Trump wants NATO to be more involved in the Middle East. That may take some convincing. (Defense News) U.S. President Donald Trump called the NATO chief to ask for more regional support. Here's what was said.
Senator seeks ban on US sharing intelligence with countries using Huawei 5G gear (CNBC) Senator Tom Cotton (R-Ark.), the lawmaker who introduced the bill, said the U.S. should not share intelligence with countries that "allow an intelligence-gathering arm of the Chinese Communist Party to operate freely within their borders."
Is a single cybersecurity congressional committee possible? (Fifth Domain) There is consensus among Congress that lawmakers need to consolidate their jurisdiction of cyber issues. One solution would be to move all cyber oversight to a single committee.
Litigation, Investigation, and Enforcement
Chhattisgarh panel says no govt link to WhatsApp snooping case involving activists (Hindustan Times) According to Citizen’s Lab report in October 2019, a Canada-based organisation that conducts research on cyber security, Pegasus and WhatsApp hacks were used in India by a group calling itself Ganges to target journalists and activists.
Air Force Could Tap Into Individuals’ Online Data to Combat Insider Threats (Nextgov.com) The request for information stems from an executive order issued in 2011.
Industry Events
upcoming Events
CPX 360 Bangkok (Bangkok, Thailand, January 14 - 16, 2020) Mark your calendar now for CPX 360 2020, the world’s premiere cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable business strategies that will help take your cyber security to the next level.
Cyber Security for Critical Assets, MENA 2020 (Dubai, United Arab Emirates, January 20 - 21, 2020) The 17th in a global series of Cyber Security for Critical Assets summits, #CS4CA MENA 2020 focuses on safeguarding the critical industries of the Middle East and Northern Africa from cyber threats. CS4CA MENA unites IT & OT security leaders to network, learn, be inspired, and collaborate towards cyber resilience by exchanging first-hand expert information and joining forces in addressing common concerns.
SANS Cyber Threat Intelligence Summit (Arlington, Virginia, USA, January 20 - 21, 2020) The collection, classification, and exploitation of knowledge about adversaries - collectively known as cyber threat intelligence (CTI) - gives security practitioners information superiority that is used to reduce an adversary's likelihood of success. Responders and defenders leverage accurate, timely, and detailed threat intelligence to monitor new and evolving attacks and subsequently adapt their security posture. Hear from top experts — Improve your threat intelligence capabilities. This event brings together leading experts and analysts for in-depth threat intelligence talks, world-class SANS training, DFIR NetWars, and exclusive networking events! The two-day Summit will provide you with specific analytical techniques and capabilities, through case studies and firsthand experience, that can be utilized to properly create and maintain threat intelligence in your organization.
CPX 360 New Orleans (New Orleans, Lousiana, USA, January 27 - 29, 2020) Mark your calendar now for CPX 360 2020, the world’s premiere cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable business strategies that will help take your cyber security to the next level.
SINET: Global Cybersecurity Innovation Summit (London, England, UK, January 30, 2020) Advancing global collaboration and innovation, SINET convenes a summit of international cybersecurity leaders at the British Museum. The conference will bring together innovators, investors, researchers, and practitioners to form an ecosystem where personal contact fosters a climate in which disruptive solutions to hard challenges can emerge.
Sponsor & Support
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.