The US FBI warned again of a heightened likelihood of Iranian cyberattacks, according to CyberScoop. The Bureau points to increased reconnaissance and scanning, but also notes, sensibly, that scanning from an Iranian IP address is not necessarily hostile, nor necessarily an indicator of an attack. The Bureau’s warning is consistent with conventional wisdom: a Washington Post poll of security industry leaders reports the same concerns.
Beyond last week's minor website defacements by sympathetic hacktivists, however, active attacks have yet to materialize. Forbes suggests that Iran is for the moment “on the back foot.” Protests in that country currently preoccupy its security forces, Reuters reports, with the immediate cause of the street demonstrations being the shootdown of Ukraine International Airlines Flight 752 on January 8th, for which Tehran acknowledged responsibility Saturday. The shootdown appears to have been a case of mistaken identity.
The most worrisome Iranian activity from the US point of view remains the password-spraying attempts against North American utility networks, on which Ars Technica has a brief update. The US Congress appears to be making heavy weather of rules of conflict in cyberspace. The Hill suggests that Congress is particularly concerned with determining what counts as an act of cyber war.
An eleventh-hour surge of Chinese propaganda and disinformation fell short of determining the results of Taiwan's presidential elections this Saturday. The New York Times reports that Tsai Ing-wen won reelection on the strength of support for continued independence, suggesting that Beijing's influence campaign (and the example of Hong Kong) backfired.
Today's issue includes events affecting Australia, Belgium, Brunei, Canada, China, European Union, India, Iran, Iraq, Israel, Democratic People's Republic of Korea, Pakistan, Russia, Taiwan, United Kingdom, United States, and Vietnam.
Bring your own context.
Windows 7 reaches its end of life, for real, Wednesday. What should those still hanging onto it do?
"The most basic action you can take is to upgrade. If that's possible, it's highly recommended that you just upgrade. For Windows 7, that upgrade path would be to Windows 10. So for the desktop operating systems, if you're still on Windows 7 at home, you know that your organization is still using Windows 7, you want to look for that upgrade path to Windows 10. For Windows Server 2008, you're looking to upgrade to Server 2012 or hopefully 2016. Although we're seeing a lot of organizations, rather than upgrading in-house, just moving to cloud platforms for a lot of services, which puts, you know, the security question into somebody else's hands entirely, which is also a good path for upgrade."
Well, OK, fine, but aren't a lot of organizations still clinging to Windows 7, and for that matter, to Windows Server 2008?
"All over the place. By our estimates, at least a third of large organizations currently have some footprint of Windows 7 and Windows Server 2008 in those environments. We still see a lot of end users that are using them. People obviously don't like to upgrade. A lot of people, especially when it comes to technology, follow the principle, if it's not broke, don't fix it. And for Windows 7, Windows Server 2008, if it's still doing what you need it to do, then no one really has the impetus to upgrade."
—Karl Sigler, manager of SpiderLabs Threat Intelligence at Trustwave, on the CyberWire Daily Podcast, 1.9.20.
A thought: WannaCry appeared shortly after Windows XP reached its end of life. It's not unreasonable to think that something may hit Windows 7 and Windows Server 2008 in the not too distant future.
In today's Daily Podcast, out later this afternoon, we speak with our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin offers his take on a Washington Post story about college campuses gathering location data on their students.