We're pleased to announce that our new subscription program, CyberWire Pro, will launch soon. For cyber security professionals and others who want to stay abreast of our rapidly evolving industry, CyberWire Pro is a premium news service that will save you time and keep you informed. Learn more and sign up to get launch updates here.

Harnessing the power of one billion threat sensors worldwide, McAfee designs security fueled by Insights. MVISION Insights enables you to move beyond intelligence and empowers you to change your environment. Identify with Machine Learning. Defend and correct with Deep Learning. Anticipate with Artificial Intelligence. Move your security out of reactive mode to a proactive posture. McAfee, the device-to-cloud cybersecurity company. Go to McAfee.com/insights to learn more.
Dustman wipes data in Bahrain. Disinformation from Tehran. US alerts warn of Iranian cyber threat. Lazarus Group ups its game.
Citing a report by Saudi Arabia's National Cybersecurity Authority, multiple sources report that "Dustman," a destructive Iranian cyber campaign, has hit Bapco, Bahrain's national oil company. ZDNet outlines the malware as a successor to earlier Iranian wiper campaigns, notably Shamoon. Yahoo News points out that the cyberattack hit on December 29th, 2019, the same day the US retaliated for the death of an American contractor in a rocket attack with airstrikes against Iranian proxies in Syria and Iraq.
Twitter has also suspended two accounts it found impersonating journalists, the Daily Beast reports. The accounts were disseminating "Iranian propaganda," although as usual it's difficult in such cases to distinguish a state-run operation from a hacktivist demonstration. The Telegraph argues that Iran has developed a significant online disinformation capability over recent years. While calling it a capability that rivals Russia's is surely overstated, Tehran's operators aren't contemptible.
As both the US and Iran appear to have backed away from kinetic combat, the New York Times predicts that cyber operations will become more attractive. CNN summarizes the cautions US agencies, notably the FBI and CISA, have issued concerning possible Iranian cyberattacks, and the warnings have reached a spooked and skittish audience. Consider this week's incident in Las Vegas, where local speculation turned quickly to Iran.
Kaspersky has been tracking the Lazarus Group's AppleJeus campaign, and concludes that North Korea is becoming more careful, more sophisticated, and more focused on the cryptocurrency sector as Pyongyang continues its policy of addressing financial shortfalls through cybercrime.
Today's issue includes events affecting Australia, Bahrain, Canada, China, India, Iran, Iraq, Democratic Peoples Republic of Korea, NATO/OTAN, New Zealand, Saudi Arabia, Syria, Taiwan, United Kingdom, and United States.
Bring your own context.
Signs of executive buy-in with respect to industrial control system security.
"But the industrial control system community is - I think we've reached a critical turning point - or inflection point, I should say - in the industrial control system community where there is an executive-level awareness that this is going to require an actual strategy for industrial security that's different than the enterprise. And why I say that is, 2018, I did a lot of board presentations at these companies. It was very endearing. And it was exciting to see them having these conversations. But I probably did - I don't know - 15 to 20 of them. In this year, this past year, I have started to see all of the board members that - talked to board members who - network, and similar I'm seeing the CSOs have the same kind of talking points. I'm seeing an executive-level buy-in. We've always had kind of a practitioner-level awareness, but executive-level buy-in that this is something that needs to be done and can be done."
—Robert M. Lee, CEO of Dragos, on the CyberWire Daily Podcast, 1.7.20.
A healthy awareness is welcome.
Each year, the cybersecurity industry is bombarded with threats to be concerned about. In the beginning of 2019, we heard about threats like artificial intelligence, machine learning, and ransomware attacks that would plague cyber professionals all year long. LookingGlass threat researchers want to look back at the trends that stood out to them, and which type of threats we can expect to see in 2020. Join us January 16 at 2pm ET for our webinar.
In today's Daily Podcast, out later this afternoon, we speak with our partners at Terbium Labs, as Emily Wilson shares details from their recent report, “How Fraud Stole Christmas.” Our guest is Karl Sigler from Trustwave, on the risks of continuing, at this eleventh hour, of using Windows 7.
And Hacking Humans is up. In this episode, "Ransomware is a reality," Dave has a master list of cyberbadness. Joe has some handy red flags this tax season straight from our beloved IRS. The catch of the day features an alluring proposition from someone who is probably not "Sofia". Our guest is Devon Kerr with Elastic Security Intelligence and Analytics who shares his insights about Ransomware.