We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
For details, see our daily update on COVID-19 and the cybersecurity community.
It's now a commonplace that ransomware gangs threaten to dox their victims as well as render their data encrypted and inaccessible. A report this week from Microsoft's Microsoft Threat Protection Intelligence Team concludes that even the gangs who don't threaten to steal information are doing it anyway. The data represent another revenue stream. The report also concludes that ransomware attackers don't necessarily leave a victim's networks even after a victim has paid. Instead they'll maintain persistence as long as possible, the better to position themselves for subsequent attacks. Redmond offers a good deal of advice on how an organization could protect itself. Security teams might start by watching for malicious use of penetration-testing tools, signs of credential theft, and tampering with a security event log.
Bogus scareware threats have been around for years. These usually tell users that some law enforcement organization (usually the FBI) has found the users to be up to no good, and that the users must pay a fine to avoid further trouble. The scare is usually delivered by email or displayed in a browser. But CyberScoop says there's a new wrinkle: ransomware is encrypting Android devices and delivering a note impersonating the FBI that offers decryption once the fine is paid. Most of the victims have been in Eastern Europe, and the ransomware itself has been traded in Russian-speaking criminal markets. Needless to say, the Bureau doesn't collect fines this way.
The Verdict publishes advice on how Huawei can be excluded from core British infrastructure.
Today's issue includes events affecting Canada, China, Democratic People's Republic of Korea, Latvia, Russia, United Kingdom, and United States.
The reason the Department of Defense is moving forward with its Cybersecurity Maturity Model Certification (CMMC)..
"Cumulatively, we're losing about $600 billion a year in the U.S. to cyber-espionage—IP loss and straight up cyber-espionage. And so we knew we had to do something different. And we had - in 2014, President Obama signed in Special Publication 800-171 R1. And it was directed that all Department of Defense contracts that had CUI, controlled unclassified information, had to be attesting to doing these 110 controls in that NIST guideline. And so we just needed a way to ... get companies, A, prepared for the data that they'd be receiving, and to have an auditable, trackable way to do that, understanding the resourcing within the DOD. So we understood clearly that this needed to be outside the government, something that companies - much like an ISO certification. And we could then make sure that everybody had the critical thinking skills behind cyber that are needed to defend themselves in this industrial age."
—Katie Arrington, CISO for the Assistant Secretary for Defense Acquisition at the U.S. Department of Defense, on the CyberWire's Daily Podcast, 4.28.20.
So CMMC is designed in large part to address the problem of intellectual property theft.
Financial organizations are on the frontline of COVID-19 pandemic. Financial organizations are seeing a drastic spike in online transactions during this new normal of working, banking, and shopping from home. With a huge surge in online payments and massive increases in the volume of financial transactions, the potential for fraud, phishing, and other threats is more severe than ever. Join our webinar on May 13, to hear from Olga Polishchuck, LookingGlass’ Senior Director of Threat Analysis and Investigations on:
In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at Dragos, as Rob Lee shares insights into a recent ransomware incident that shut down a gas pipeline. Our guest is Drex DeFord from Drexio, discussing healthcare cybersecurity during the COVID-19 pandemic.
Hacking Humans is up. In this episode, "Passwords are the easiest things to steal," Joe takes a look at a massive sextortion spam scheme, Dave has some advice for all of us, the Catch of the Day comes from down under, and later in the show we speak with Andrew Shikiar, Executive Director and Chief Marketing Officer at FIDO Alliance, who tells us why phishing and passwords remain such a huge security problem and options for doing away with passwords.
In this week's episode of CSO Perspectives, "Metrics and risk," we consider the related issues of metrics and the models that use them. All models are more-or-less accurate approximations of reality. The good ones, however, have some very valuable uses, and our CSO has some perspective on those uses.
