Iranian power grid battlespace prep? Website vandals probably hacktivists. Lifeline Assistance serves preinstalled malware?
Both Iran and the US appear to have signaled a desire for de-escalation, the Washington Post says, but the report Dragos issued yesterday about Magnallium (also known as APT33, Elfin, or Refined Kitten) has kept alive concerns about North American power grid security. Dragos as a matter of company policy doesn't attribute threat groups to nation-states, but others haven't hesitated to do so: Magnallium is generally regarded as an Iranian unit. WIRED points out that what's worrisome is the prospect that a long-running password-spraying campaign--effectively battlespace preparation--has enabled Iranian operators to establish persistence in systems associated with electrical power generation and distribution.
The pro-Iranian hackers who left their mark on a variety of lightly defended sites over the past week (including one belonging to a California dentist and another run by the University of Maryland) increasingly look more like angry script kiddies sympathetic to Tehran than they do Iranian cyber operators, the Verge reports.
Malwarebytes warns that discount UMX phones the US Lifeline Assistance program provides low-income users arrive with Chinese malware preinstalled.
Las Vegas declared victory over the attempted cyberattack it sustained early Tuesday, ZDNet reports. There was immediate speculation about an Iranian operation, but now the incident is being compared to earlier criminal attacks on Atlanta and Baltimore.
Cybersecurity got its own category on Jeopardy GOAT last night, but all three of the champions were stumped by the $600 answer. Here's what they should have buzzed in with: "The question is, Alex, 'What is "bring your own device"?'"
Today's issue includes events affecting Australia, Canada, China, Iran, Iraq, Malta, Syria, Taiwan, Ukraine, United Kingdom, and United States.
Bring your own context.
One of the attacks Iranian cyber operators have come to be known for is the wiper attack.
"Wiper or destructive attacks are totally different than the attacks we traditionally see, where, you know, most of the industry is focused on, let's say, data exfiltration attack, where the bad guys get access to data, extort it for money, profit or influence. Well, your systems didn't go down. Or, of course, of late, we're getting more and more familiar with ransomware, which is somewhat destructive, at least if you don't pay the ransom. But you always kind of have that inkling in the back of your mind that, worst-case scenario, there's an out of, maybe I just pay these guys. And unfortunately, we see more and more of that happening as ransomware hits health care institutions and state and local governments all over the country. But the difference with a destructive or Wiper attack is it's all gone. And by all, I mean you walk in on an idle Tuesday, nothing works. You've got - in fact, even your phone systems may be down. And the type of response you need is much more about business resiliency."
—Caleb Barlow, CEO at CynergisTek, on the CyberWire Daily Podcast, 1.8.20.
Consider secure, regular, air-gapped backup as an aspect of resilience.