Most companies aren’t prepared to secure data and assets for a surge of remote employees. Whether your VPN is over capacity, new cloud services are coming on-board, or new devices need protection, we have you covered during this critical time. McAfee is offering 3-month subscriptions for Endpoint Protection, Unified Cloud Edge, and CASB to help you scale security to your remote employees. Learn more about these offers at mcafee.com/workfromhome.
For more, see our daily update on COVID-19 and the cybersecurity community.
Citing an anonymous foreign government source, the Washington Post reports that intelligence services have concluded that a recent cyberattack against the Iranian port of Shahid Rajaee was the work of Israeli operators, possibly in retaliation for earlier attacks against Israeli water treatment facilities.
DarkOwl researchers are tracking the activities of the REvil gang that's claimed responsibility for hacking celebrity law firm Grubman Shire Meiselas & Sacks. The criminals say they've received offers for information they claim to have on President Trump, and that their next offer is of data connected with Madonna. Bidding starts at $1 million.
EasyJet has disclosed a databreach that affected some nine-million customers. The Guardian writes that the airline describes the incident as the work of "highly sophisticated" criminals.
Verizon this morning released its annual Data Breach Report. This year's version is twice the length of its predecessors, covering more regions and more economic sectors. As Reuters reads it, one of the principal conclusions is that financial gain significantly outpaces espionage as a motive for hacking: 86% of the breaches covered were committed for money, not intelligence. Industry Week's takeaway is the biggest problem is people, not systems. Our own pre-briefing call with Verizon led to that same conclusion. Exploits are rarely the way breaches are accomplished. The report concludes that "error," such mistakes as incorrectly configured databases and misdelivered emails, are now about as big a problem as social engineering. There's another trend in attack technique: web app attacks, the researchers conclude, have roughly doubled.
Today's issue includes events affecting Australia, China, France, Germany, Iran, Israel, Russia, Saudi Arabia, United Kingdom, and United States.
Offense and retaliation, with lessons for defense.
"Those who live in glass houses shouldn’t throw stones. […] Assume that in cyberspace the U.S. government has the best stones, the sharpest, the shiniest stones, really great stones. But let’s also recognize that we live in the glassiest house. So sharpest stones, glassiest house."
—Michael Sulmeyer, quoted on the backward-striking possibilities of offensive cyber in The Fifth Domain by Richard A. Clarke and Robert K. Knake. You can hear an interview with author Richard A. Clarke on the CyberWire's Interview Selects, 4.24.20.
Imposition of consequences involves a cost-benefit estimation, and that estimation necessarily includes consideration of further retaliation. It's not that offensive or retaliatory operations aren't ever appropriate (they often are), but that one's own risk be taken into account during the planning. Harden your house.
Staying one step ahead of your adversaries is more challenging than ever. Fortunately, deception technology can give new visibility and intelligence in combating threat actors who seek to infiltrate your network.
Join our webinar on May 27 at 12pm EDT to learn how to optimize your deception technology investments to enhance your day-to-day security threat detection and mitigation activities.
In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin discusses the ACLU's suit against the Baltimore Police Department's use of a surveillance plane. Our guest is Robb Reck from Ping Identity on a recent CISO Advisory Council meeting regarding the implications of the sudden shift to working from home.
Recorded Future's threat intelligence podcast, produced in partnership with the CyberWire, is also up. In this episode, "Making the Framework for Threat Intelligence Easy," guest Chris Cochran, threat intelligence and operations lead at Netflix, and co-host of the Hacker Valley Podcast discusses his career in cybersecurity, from his ambitious beginnings as a student, his service in the U.S. Marine Corp, and his time at U.S. Cyber Command as a member of the team pioneering threat intelligence before it was even known by that name. He also shares his thoughts on leadership, as well as his development of an intelligence framework that goes by the acronym EASY.
In this week's episode of CSO Perspectives, "Cybersecurity first principles." the CyberWire's CSO Rick Howard continues his discussion of first principles with an account of zero trust, the next infosec building block.
France defends 'centralized' coronavirus tracing app, insists privacy held sacred (ZDNet) The country says StopCovid could be valuable in preventing a second COVID-19 wave.
A 4-year old app that's now helping fight Covid-19 in India (ETCIO.com) How the Swachchta app of Ministry of housing and urban affairs is now helping in the fight against Coronavirus
The cybersecurity experts defending the UK against elite coronavirus hackers (The Telegraph) Cybersecurity businesses are hiring extra staff to try to keep up with demand
Scammer clones job placement website to prey on the unemployed for cash and personal information (New York Daily News) The messages included a link to a website that looked almost exactly like a legitimate staffing agency. The only problem — it was a fake.
Fake U.S. Dept of Treasury emails spreads new Node.js malware (BleepingComputer) A new Node.js based remote access trojan and password-stealing malware is being distributed through malicious emails pretending to be from the U.S. Department of the Treasury.
Trojans found attacking Indian Co-operative banks using Covid-19 spear-phishing: Report (Hindu Business Line) Seqrite, a specialist provider of cybersecurity products and services, has detected a new wave of Adwind Java Remote Access Trojan (RAT) campaign targeting Indian co-operative banks using Covid-19 as
COVID-19 pandemic makes the case to get rid of passwords (World Economic Forum) As cybercriminals exploit the crisis, passwords are one of the most vulnerable targets. Getting rid of passwords can improve security and lower costs.
This golden age for fraudsters requires a new era of authentication (Computing) Covid-19 has been a goldmine for criminals, we need to get better at defending ourselves
Enforcement Discretion Regarding COVID-19 Community-Based Testing Sites (CBTS) During the COVID-19 Nationwide Public Health Emergency (Office of the Secretary, HHS.) This notification is to inform the public that the Department of Health and Human Services (HHS) is exercising its discretion in how it applies the Privacy, Security, and Breach Notification Rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Pandemic Raises New Cybersecurity Concerns for Navy (National Defense) An increase in telework during the COVID-19 pandemic has created new concerns about cybersecurity in the Navy, according to a service official.
Big Tech was first to send workers home. Now it’s in no rush to bring them back. (Washington Post) Many big tech companies have told employees that most of them will work from home at least until next year.
It Costs $7 For Your Boss to Monitor You Working Remotely (Atlas VPN) Data compiled by Atlas VPN shows that, on average, managers pay $7 to monitor a single employee. Demand for staff monitoring services has increased three times since the beginning of quarantine, the founder and the chief executive of Hubstaff, a well-known tracking software company, reports.
Hacker: Higher Education rose to the challenge of COVID-19 (Prairie Public) The president of the state Board of Higher Education said the past semester has been a challenge – as students were forced to take classes on-line, rather
Recession, Job Losses, Another Pandemic and Protectionism Are Top Worries, Say Industry Leaders (World Economic Forum) · “Prolonged global recession”, “high unemployment”, “another outbreak of infectious disease” and protectionism dominate the list of near-term worries for companies, according to the World Economic Forum’s report, COVID-19 Risks Outlook: A Preliminary Mapping and Its Implications, released today.
Officials: Israel linked to a disruptive cyberattack on Iranian port facility (Washington Post) The attack in early May is believed to have been retaliation for an earlier hacking attempt targeting Israeli water supplies.
Web Giants Scrambled to Head Off a Dangerous DDoS Technique (Wired) Firms like Google and Cloudflare raced to prevent an amplification attack that threatened to take down large portions of the internet with just a few hundred devices.
ADHA details My Health Record breach attempt (ZDNet) The Australian Digital Health Agency also said it's working with healthcare providers to ensure they are cyber resilient.
EasyJet: Nine million customers' details 'accessed' by hackers (Sky News) EasyJet has revealed that the personal details of nine million customers have been accessed by "highly sophisticated" hackers.
EasyJet Hit by Cyber Attack, Hackers Access 9 mln Customers' Details (Voice of America) British budget airline easyJet said on Tuesday hackers had accessed the email and travel details of around 9 million customers, and the credit card details of more than 2,000 of them, in a "highly sophisticated" attack.
BlueScope Steel hit by cyber attack causing worldwide system shutdown of operations (ABC News) Australia's largest steelworks is the subject of a cyber attack, forcing it to halt production systems.
REvil hackers continue to wrack up high-profile targets with ransomware attacks — DarkOwl | Dark Web Search Engine (DarkOwl | Dark Web Search Engine) Since first leaking highly-sensitive personal information pertaining to Lady Gaga, the threat actor group has since targeted Sherwood Food Distributors and Donald Trump. Our team has been monitoring the situation closely and will continue to update here as new developments arise. UPDATES: REvil
FBI warns about attacks on Magento online stores via old plugin vulnerability (ZDNet) FBI says hackers have been planting card skimmers on online stores by exploiting a 2017 bug in the MAGMI plugin.
Diebold Nixdorf ATM attack by ProLock ransomware used QakBot trojan to access networks (SC Magazine) ProLock ransomware also exploits unprotected Remote Desktop Protocol (RDP)-servers with weak credentials.
ProLock, a New Ransomware Strain, Hitting Firms for Six Figures (Computer Business Review) A new ransomware variant, ProLock, marries well-known techiques (it is typically hitting systems via RDP and phishing) with novel approaches to...
FBI warns of ProLock ransomware decryptor not working properly (BleepingComputer) Multiple actors in the ransomware business saw the new coronavirus pandemic as the perfect opportunity to focus on an already overburdened healthcare sector. ProLock is yet another threat to the list.
Netwalker ransomware actors go fileless to make attacks invisible (SC Magazine) Reflective dynamic-link library (DLL) injection found being used to infect victims with Netwalker ransomware in hopes of making the attacks untraceable while frustrating security analysts.
Expert Insight On Elexon cyber attack (Information Security Buzz) Elexon, an organisation that is central to the balancing and settlement of the UK electricity market, has been hit by a cyber-attack. Following security experts provide their insight below: Elexon, a Critical UK Electricity Network Administrator, Hit by Cyber Attack https://t.co/nCKvDxq1wH pic.twitter.com/3j4qmH8quM — Angelo G Longo (@aglongo) May 18, 2020
Microsoft Confirms Serious New Security Problem For Windows 10 Users (Forbes) Microsoft has now advised customers who want to "stay ahead of advanced data theft" to upgrade to a new PC—here's why.
Mirai and Hoaxcalls Botnets Target Legacy Symantec Web Gateways (Unit42) New Hoaxcalls and Mirai botnet campaigns found targeting end-of-life Symantec Secure Web Gateways via Remote Code Execution vulnerability.
Vulnerability Summary for the Week of May 11, 2020 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Resolve to come in cyber attack (Richmond Register) In the midst of a global pandemic, Richmond City Manager Rob Minerich and forensics specialists hope to have a resolution this week to an unauthorized, third-party data breach which occurred
2019 Data Breach Investigations Report (Verizon) The Verizon Data Breach Investigations Report (DBIR) provides you with crucial perspectives on threats that organizations like yours face.
Verizon DBIR: We Have a People Problem (Industry Week) Verizon's 2020 Data Breach Investigation Report results provide clear guidance for manufacturers.
Financial gain trumps espionage as top motivator in cyber attacks: report (Reuters) Money trumped spying as the top motivator for data breaches last year, according to Verizon's annual report on cyber crimes published on Tuesday.
Money is still the root of most breaches (Help Net Security) Verizon DBIR offers insight into 2019 cyber attack trends and the threats organizations in various industry verticals and parts of the world face.
Verizon DBIR: Money is still the main motivating factor for hackers (CyberScoop) Verizon's DBIR report says that cybercrime is a lucrative business that continues to grow at a remarkable rate, espeically in 2019.
Number of breached records surged by 273% in 2020 Q1 (Atlas VPN) According to Atlas VPN investigation, the number of breached records globally surged by 273%, when comparing 2019 Q1 to 2020 Q1. During the first three months of 2020, over 8.4 billion documents got leaked.
Financial Services Companies Lack Trusted Data to Make Security Decisions Reports Panaseer (Yahoo) Senior security leaders within financial services companies are challenged by a lack of trusted data to make effective security decisions and reduce their risk from cyber threats, according to Panaseer's 2020 Financial Services Security Metrics Report. Results from a global external survey of over
Charlesbank Capital Partners Invests $70 Million in Elbit Systems' Subsidiary, Cyberbit (PR Newswire) Elbit Systems Ltd. (NASDAQ: ESLT) and (TASE: ESLT) ("Elbit Systems") announced today that Charlesbank Technology Opportunities Fund, a fund...
PE Firm Gets Cold Feet With $1.9 Billion Acquisition of Forescout Technologies (SecurityWeek) Forescout Technologies (NASDAQ:FSCT) said that private equity firm Advent International would not be moving forward as planned with its $1.9 billion acquisition of Forescout that was announced in February.
TSMC halts new Huawei orders after US tightens restrictions (Nikkei Asian Review) Taiwan chipmaker's relationship with second-biggest customer under fire
Huawei Braces for Latest U.S. Hit, but Some Say Loopholes Remain (Wall Street Journal) Huawei said the Trump administration’s move to thwart its access to semiconductors will damage its ability to maintain its telecommunications networks, but some U.S. specialists say the latest ban has significant loopholes.
Huawei confident about survival, despite 'unjustified' US action (The Parliament Magazine) Technology giant remains committed to its customers, open innovation, and inclusive development, says Rotating Chairman Guo Ping
Greater Washington lands another company on the Fortune 500 (Washington Business Journal) Fortune has unveiled its 2020 list of the 500 largest publicly traded American companies, and just like it did in 2019, Fairfax County has a new entrant. Reston’s Science Applications International Corp. (NYSE: SAIC) enters the Fortune 500 at No. 466 with $6.38 billion in 2019 revenue...
Palo Alto Networks: Overlooked Growth Opportunities (Seeking Alpha) Palo Alto Networks is a leading network security provider whose legacy on-premise business continues to perform relatively well as the network security market changes.
AT&T Leads Initiative to Train Military Veterans in Cybersecurity (AT&T) AT&T teams up with NPower to enhance cybersecurity curriculum focused on helping to protect America’s data infrastructure.
US cyber-security firm creates 65 jobs in Belfast (BBC News) Boston firm Cygilant is setting up a centre in Northern Ireland, with 25 of the jobs already in place.
Former CIA Assistant Director Joins KnectIQ Board (PR Newswire) KnectIQ Inc., an innovator in cybersecurity, announced today that John Mullen has joined their advisory board. "We are delighted to welcome...
wolfSSL Announces Release of wolfSSL Version 4.4.0 and Updates to Rela (PRWeb) wolfSSL, a leading provider of TLS cryptography and the world’s first commercial release of TLS 1.3, is proud to announce wolfSSL v4.4.0, the embedded TLS libr
Red Canary Integrates Managed Detection and Response to Microsoft Defender Advanced Threat Protection (ATP) (GlobeNewswire) Red Canary, a member of the Microsoft Intelligent Security Association, today officially announced Red Canary Managed Detection and Response for Microsoft Defender Advanced Threat Protection (ATP)
HackerOne’s services formally authorized for use by federal agencies (Fifth Domain) It's a significant step as federal agencies look to create vulnerability disclosure programs.
Toka Selected by Chile and Inter-American Development Bank to Assess and Support Chile’s National Cybersecurity Readiness (GlobeNewswire) The IDB-funded project will help Chile respond to emerging cybersecurity threats
Game Theory: Why System Security Is Like Poker, Not Chess (ForAllSecure) Cyber offense and defense isn’t chess. It’s a game of poker. In chess, you have complete visibility into your opponent’s position and moves. In poker, you lack that visibility which also happens in the cyber realm.
Research Commentary: Measuring the True Cost of Network Outages (Opengear) The global findings discussed in this research commentary reveal what 500 global Senior IT decision-makers and network managers are thinking & planning related to downtime and building resilient networks
CISOs are critical to thriving companies: Here's how to support their efforts (Help Net Security) CISOs may be struggling, but they are immensely talented and uniquely important. It’s time to support their efforts in meaningful and tangible ways.
Cybersecurity Ops : Terminal (IBM) Malicious hackers have targeted an international airport, do you have what it takes to respond to the attack?
Incentivising Cybersecurity through Cyber Insurance (RUSI) The Incentivising Cybersecurity through Cyber Insurance (ICCI) project is a collaboration between the University of Kent (UoK) and the Royal United Services Institute (RUSI) which intends to analyse ways in which cyber insurance could provide a significant lever to promote a step change towards better cyber risk management in organisations.
La. Tech College of Engineering and Science announces cyber security scholarships (News Star) Six students that exemplify the commitment to academic excellence and service to the community were awarded a CyberCorps Scholarship for Service.
Five things you need to know about cyber war (The Jerusalem Post) After the US killed IRGC Quds Force commander Qasem Soleimani, it was concerned about Iranian cyber retaliation against US infrastructure, such as the electricity grid.
McConnell taps Rubio as acting Intelligence Committee chair after Burr stepped aside amid FBI probe of stock sales (Washington Post) Sen. Marco Rubio (R-Fla.) will replace Sen. Richard Burr (R-N.C.), whose cellphone was seized last week in a probe of stock sales he made before the coronavirus pandemic crashed global markets.
Senate renews warrantless collection of web histories (Naked Security) The government can keep on surveilling your online life without a warrant. An amendment to ban it failed by just one vote.
Supreme Court rejects lawsuit against Facebook for hosting terrorists (The Verge) The suit claimed Facebook was illegally supporting Hamas.
High Court Won't Hear Facebook, Twitter Privacy Case (Law360) The U.S. Supreme Court said Monday it won't hear Facebook and Twitter's claim that privacy rights guaranteed under the Stored Communications Act prevent criminal defendants from obtaining users' private posts and messages to build their cases — an issue that has been playing out in California courts.
Gov't To Retry Ex-CIA Coder In Wikileaks Espionage Case (Law360) Prosecutors told a Manhattan federal judge Monday they will retry former CIA programmer Joshua Schulte on espionage charges, after a jury found him guilty of lying to the FBI and illegally sending information from jail but deadlocked on accusations that he sent U.S. hacking secrets to WikiLeaks.
Fortinet sues Forescout for alleged patent violations (CRN Australia) Related to Bradford Networks network access control (NAC) technology.
FBI slams 'Apple problem' as it unlocks Pensacola shooter's iPhones (CNET) The Justice Department says Apple's refusal to break its own encryption hampered a national security investigation.
[Update: Apple responds] FBI links Pensacola shooter to Al-Qaeda with cracked iPhones with ‘no thanks to Apple’ (9to5Mac) It looks like the most recent contention between the FBI and Apple over device encryption has come to an end as the agency has unlocked the two iPhones belonging to the Pensacola shooter with “no thanks to Apple.” Going further, AG William Barr has again called for the government to force Apple and others to …
Analysis | The Cybersecurity 202: Barr ramps up encryption war with Apple over Pensacola shooter's phone (Washington Post) The two sides are farther apart than ever.
For a complete running list of events, please visit the Event Tracker.
41st IEEE Symposium on Security and Privacy (SP2020) (San Francisco, California, USA, May 18 - 20, 2020) IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems.
AFCEA/GMU Critical Issues in C4I Symposium (Online, May 19 - 20, 2020) For well over a decade, the AFCEA/GMU Critical Issues in C4I Symposium has connected academia, industry and government annually to address important issues in technology and systems research and development. The audience is typically more than 70% government/military featuring decision makers at all levels looking to advance their understanding of the key C4I challenges being faced now and in the future.
Cyber and Technology Day at Fort Gordon (Fort Gordon, Georgia, USA, May 20, 2020) If your product or service is cyber-related, Fort Gordon is where you want to be. The Fort's 2020 Cyber and Technology Day provides an excellent opportunity for IT, cybersecurity and tactical technology-oriented companies to network face-to-face with the Army's key IT, communications, and cybersecurity personnel.
Georgetown Law 2020 Cybersecurity Law Institute (Washington, DC, USA, May 20 - 21, 2020) It is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. You have an important role to play in cybersecurity leadership, especially in keeping corporate officials and the board of directors informed. Too often, well-meaning officials don’t know what they don’t know! At our Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis.
Techno Security & Digital Forensics Conference (Myrtle Beach, South Carolina, USA, May 31 - Jun 3, 2020) Techno Security & Digital Forensics Conference provides a unique education experience that blends together the digital forensics and cybersecurity industries for collaboration between government and private sectors. The purpose is to raise international awareness of developments, teaching, training, responsibilities, and ethics in the field of IT security and digital forensics. Educational sessions cover topics within the following primary tracks from which CPE credits can be earned: Audit/Risk Management, Forensics, Investigations, Information Security, and Sponsor Demos. Learn from industry experts, connect with leading suppliers, and discover the latest innovations in cybersecurity and digital forensics.
