

Daily briefing.

Security experts continue to mull the significance of the Triton/Trisis hack, disturbing in that it was designed to manipulate industrial safety systems. Control Global's Unfettered blog has a number of interesting points to make. First, there are some noteworthy similarities to Stuxnet (in apparent goals and approach). Stuxnet happened seven years ago, and Triton still came as a surprise. Second, commingling control and safety systems results in a loss of safety. The plant Triton attacked escaped catastrophic damage because it was saved by its "hard-wired analog safety systems."

North Korea's Lazarus Group again pursues Bitcoin (whose market price continues its fast rise). Some researchers report signs of a similar Russian interest in the cryptocurrency. 

Researchers at F5 Networks report a Monero mining campaign, "Zealot," which is exploiting the same Apache Struts vulnerability used to breach Equifax. It's also deploying EternalBlue and EternalSynergy, the exploits the Shadow Brokers leaked earlier this year while claiming they were taken from NSA.

Cryptocurrency exchange Bitfinex sustained another large distributed denial-of-service campaign yesterday.

A database (MongoDB) of California voters was found exposed online and compromised by attackers late last week. The data appear to have been compiled by some third party, not the State of California, which says its systems and data are secure. California is investigating.

After turning down an offer from Atos last week, Gemalto has agreed to be acquired by Thales for a reported sum of nearly $4.5 billion.

Facebook acknowledges that research indicates Facebook may impair mental health, and so prescribes more Facebook.

Notes

Today's edition of the CyberWire reports events affecting Australia, Bangladesh, European Union, India, Iran, Democratic People's Republic of Korea, Pakistan, Russia, Saudi Arabia, Singapore, United Kingdom, United States.

A note in memoriam: Teddy Draper, Sr., one of the last of the US Marine Corps Navajo codetalkers of the Second World War, has passed away at the age of 96. Semper fi, Mac; ave atque vale.


In today's podcast, we hear from our partners at the SANS Institute and the Internet Storm Center podcast, as Johannes Ullrich discusses the ways in which scammers profiteer on the occasion of natural disasters.


Cyber Attacks, Threats, and Vulnerabilities

A New Industrial Hack Highlights the Cyber Holes in Our Infrastructure (MIT Technology Review) Freshly discovered malware called Triton can compromise safety systems that control many kinds of industrial processes. For years, security experts have been warning that hackers can disable systems that control critical infrastructure we all rely on, such as dams and power plants.

Cyber Attack Hits Safety System in Critical Infrastructure (Automation World) The first attack directly targeting a safety instrumented system, the Triton malware caused operational disruption to a facility in the Middle East.

New TRITON ICS Malware is Bold and Important (Nozomi) FireEye [full disclosure, FireEye is a partner of Nozomi Networks], has reported that it has recently worked with an industrial operator whose facility was attacked by a new type of ICS malware, which they are calling TRITON.

Triton: hackers take out safety systems in 'watershed' attack on energy plant (the Guardian) Sophisticated malware halts operations at power station in unprecedented attack which experts believe was state-sponsored

Implications of the Triconex safety system hack – Stuxnet part 2? (Control Global) The Triconex safety systems and Stuxnet cyber attacks bear interesting similarities. Both were nation-state hacking of control system networks through operators' Windows-based workstations to download alternate control system logic, affected safety systems that were connected to non-safety systems, and used hacking methodologies that can be applied to other ICS vendors.

Introducing the Adversary Playbook: First up, OilRig (Palo Alto Networks Blog) Introducing the adversary playbook by Unit 42. First up, OilRig.

Lazarus group conducting malware attacks to steal Bitcoins (HackRead) Bitcoin's price set a new record on Saturday when it reached USD 19,000 a piece and it looks like North Korea is trying to take full advantage of it. Accor

Russia, N. Korea Eye Bitcoin for Money Laundering, Putting It on a Crash Course with Regulators (Defense One) Thieves and sanctioned countries are targeting the digital currency’s exchanges, setting up a fight between governments and cryptocurrency powerhouses.

McMaster Accuses Russia of Subversion, Kremlin Reacts (Atlantic Council) US National Security Advisor Lt. Gen. H.R. McMaster and his team deserve credit for clear expression of the threat to the United States from autocratic, revisionist powers, especially Russia. Outlining the new National Security Strategy (NSS) to be...

Russia's naval updates threaten undersea comms network, says top British military officer (Defense News) Britain’s top military officer has warned that a modernized Russian Navy poses a threat to the undersea fiber-optic cable networks. However, this is not entirely a one-sided affair.

Why Russia is threatening transatlantic cables (Washington Examiner) It's about maximizing Russia's potential to win a quick war.

Kremlin's new cyber weapons spark fears and fantasies (Yahoo! News) From Donald Trump's election to Brexit and the Catalan crisis, accusations that the Kremlin is meddling in Western domestic affairs have heightened fears over Russian hackers, trolls and state-controlled media. While the first accusations against Moscow came following a 2016 hack attack on the US

"Zealot" Campaign Uses NSA Exploits to Mine Monero on Windows and Linux Servers (BleepingComputer) An aggressive and sophisticated malware campaign is currently underway, targeting Linux and Windows servers with an assortment of exploits with the goal of installing malware that mines the Monero cryptocurrency.

Zealot: New Apache Struts Campaign Uses EternalBlue and EternalSynergy to Mine Monero on Internal Networks (F5 Networks) New Apache Struts campaign, Zealot, targets vulnerabilities in Windows, Linux, and the DotNetNuke CMS, then leverages leaked NSA exploits to move laterally through internal networks and mine Monero.

Russian oil pipeline computer hacked to mine Monero coins (HackRead) The current price of 1 Bitcoin is almost USD 20,000 and those who cannot invest in cryptocurrencies find other ways to get some. On Friday 15th December, Russ

Bitfinex cryptocurrency exchange hit by "heavy DDoS" attack again (HackRead) On December 12, 2017, one of the world's largest cryptocurrency exchanges, Bitfinex, announced its servers were under a series of massive distributed denial o

New GnatSpy Mobile Malware Family Discovered (TrendLabs Security Intelligence Blog) Earlier this year researchers first disclosed a targeted attack campaign targeting various sectors in the Middle East. This threat actor was called Two-tailed Scorpion/APT-C-23. Later on, a mobile component called VAMP was found, with a new variant (dubbed FrozenCell) discovered in October.

For 8 days Windows bundled a password manager with a critical plugin flaw (Ars Technica) Plugin for Win 10 version of Keeper had bug allowing sites to steal passwords.

Attackers exploit old WordPress to inject sites with code enabling site redirection, takeover (SC Media US) Attackers have exploited an old WordPress vulnerability to infect more than one thousand websites with malware capable of injecting malvertising and even creating a rogue admin user with full access privileges, according to researchers.

Dune! Game App Leaking Sensitive Data of Millions of Android Users (HackRead) Last week HackRead exclusively reported how a Fidget more spin app on Play Store is sending other apps data on an Android device to a server based in China

Loapi malware capable of destroying Android phones (CSO Online) Kaspersky Lab researchers discovered a new versatile malware capable of cryptocurrency mining, launching DDoS attacks and so much more that it destroyed the Android phone after two days of testing.

New PRILEX ATM Malware used in targeted attacks against a Brazilian bank (Security Affairs) PRILEX is a new ATM malware analyzed by researchers at Trend Micro that was used in high-targeted attacks against a Brazilian bank.

Hackers demand ransom for California voter database (TheHill) 19 million California voters potentially had data stolen from a cloud account.

Cyber Criminals Steal Voter Database of the State of California (MacKeeper™ Security Research Center) Cyber Criminals Steal Database Containing Every Registered Voter in the State of California

Zeus Panda Banking Trojan Targets Online Holiday Shoppers (Proofpoint) Banking Trojans work by injecting code into web pages as they are viewed on infected machines, allowing the malware to harvest banking credentials and credit card information as victims interact with legitimate sites.

Security Patches, Mitigations, and Software Updates

Google security bod finds and fixes Keeper password security flaw in Microsoft Windows 10 (Computing) Critical security update released for Microsoft password management software

Cyber Trends

Digital economy risks being derailed by next generation cyber threats (The Straits Times) Cyber security was a key area of interest in the past year with the increased frequency of cyber breaches and onslaught of ransomware attacks against governments, corporations and consumers worldwide.

Cyber criminals are becoming increasingly sophisticated, says Symantec CTO (Which-50) Cybercriminals caused significant service disruptions around the world over this past year, using increasingly sophisticated methods to break through cyber defences.

Half of business leaders admit to hiding data breach information (SearchSecurity) Data breach information gets hidden, according to a new survey in which business leaders admit they don't notify customers when their data is compromised.

10 Of The Biggest Business Cyber Attacks (VPN Mentor) With cyber attacks on businesses worldwide on the rise, explore 10 of the most high profile hacks of the year.

New Large Email Security Study Shows A Massive 10.5% Failure Rate (LinkedIn) Aggregated results show over 10% average rates at which enterprise email security systems miss spam, phishing and malware attachments.

Email Security Gap Analysis: Aggregated Results (Cyren) Average rates at which enterprise email security systems miss spam, phishing and malware attachments.

Cyber Security Post Equifax: Perceptions and Priorities from Massachusetts Residents (Advanced Cyber Security Center) In light of the recent Equifax cyber security breach and the ever-increasing need to protect digital assets in today’s computerized economy, the Advanced Cyber Security Center asked Mass Insight and BW Research...

Marketplace

GDPR leading to increased cyber insurance uptake (Insurance Times) According to a CFC Underwriting survey of industry representatives, GDPR is driving more demand for cyber insurance

Thales agrees to buy Gemalto in digital security deal worth ~$5.43BN (TechCrunch) Digital security solutions provider Gemalto has agreed to a €51 per share acquisition offer from French aerospace and defense group Thales -- in a deal..

Thales trumps Atos in Gemalto takeover battle (Computing) Atos folds after Thales agrees a deal for Gemalto 11 per cent higher than Atos's bid

Report: Amazon in talks to acquire cybersecurity startup Sqrrl (SiliconANGLE) Amazon.com Inc. is reportedly in advanced talks to acquire Sqrrl Data Inc., a Massachusetts-based cybersecurity software company that specializes in advanced threat detection for enterprise users.

StarHub to buy homegrown cryptography firm for up to S$122m (Channel News Asia) StarHub has agreed to buy homegrown firm D'Crypt - the company behind the technical and security systems in the In-Vehicle Units in Singapore cars - for up to S$122 million.

Upstream Security Raises $9M to Secure Autonomous Vehicles (eSecurity Planet) The cybersecurity startup's cloud-based service paves the way for secure connected cars and autonomous vehicles.

Siemens to boost R&D spending by €450 million (MarketWatch) Siemens AG (SIE.XE) said Friday that investments in research and development will rise an additional €450 million ($530.6 million) in fiscal 2018 as it tries to accelerate its innovation process.

Thales launches Digital Business Unit (Gigabit) Thales, a global technology leader for the aerospace, transport, defence and security markets, has announced that it will be regrouping its digital assets under a new Digital Business Unit, beginning 1 January 2018.

Russian envoy wants Kaspersky Lab to secure BHIM project (National Herald) A new defense law in the US bans the use of Kaspersky Lab products on government computers over the company's alleged links to Russia's spy agencies. The company says it understands the US president's "real intentions"

This U.K. Cyber Upstart Is Beating Silicon Valley Giants (Bloomberg) In a world where protecting against cyber crime is high on most big business agendas, a U.K. provider of IT security to clients as small as dentists and neighborhood stores is outpacing the best that Silicon Valley has to offer.

Dawn E. Lucini Named Telos ID’s Vice President, Aviation Security (Telos) Lucini brings vast industry experience to flourishing aviation security business.

Products, Services, and Solutions

InfoArmor PrivacyArmor Identity Protection and Restoration Adopted by Baird Corp. as an Employer-Sponsored Benefit (GlobeNewswire News Room) Baird Joins Leading and Forward-Looking Employers In Offering “Best-In-Class” Employee Benefit, Proactively Protecting Employees in Wake of Recent 3rd Party Mega-Breaches

IBM's quantum platform signs first clients: JPMorgan Chase, Daimler, Samsung and more (DatacenterDynamics) The early-access IBM Q platform draws some big names

IGEL Becomes First Manufacturer of Endpoint Computing Solutions to Integrate deviceTRUST (PRNewswire) IGEL, a world leader in endpoint management software for the secure...

PKWARE and Boldon James partner to offer an integrated data discovery, classification, encryption and key management solution (Business Insider) PKWARE, a global leader in encryption software, has announced a strategic partnership with Boldon James, the world's leader in data classification, to offer an integrated set of data discovery, classification and encryption products that combine these capabilities into one simple workflow.

Technologies, Techniques, and Standards

Joining Forces in Cyber Warfare - Historical Move (iHLS) NATO recently announced the creation of a Cyber Operations Center as part of an overall effort

How the Pentagon’s cyber offensive against ISIS could shape the future for elite U.S. forces (Washington Post) 'We should be conducting operations like this continuously in a campaign,' said the chief of U.S. Special Operations Command.

What can cyber do for you, the commander? (C4ISRNET) As the Army is testing new capabilities for cyber and electronic warfare at the tactical edge, these capabilities must be able to meet the commanders' needs.

Here’s how the Army is trying to integrate information operations (C4ISRNET) The Army is beginning to introduce information capabilities back into maneuver units.

US ports building up cyberattack defenses (Journal of Commerce) Several port authorities told JOC’s Port Performance North America Conference on Wednesday that they take the threat very seriously.

How to Avoid a SaaS Security Disaster (CIO) Properly managed, the combination of shadow IT and SaaS can make companies more agile and competitive. But the security risk is very real.

4 reasons to rethink incident response playbooks (SecurityInfoWatch.com) Hackers love the static nature of concrete policy

Five things CIOs can do as IoT adoption turns into a nightmare (Help Net Security) CIOs need to balance the business benefits that IoT technology promises against its potential security challenges.

Lock out: The Austrian hotel that was hacked four times (BBC News) The internet of things poses new threats to our security, so how should we be fighting back?

Contestants launch nearly 39,000 attacks in Radware Hacker's Challenge competition (SC Media US) The first-ever U.S.-based Radware Hacker's Challenge took place in New York City last week, daring pentesters, bug bounty hunters, and other security pros to launch attacks on a simulated network and website in a head-to-head race against the clock.

How enterprises must prepare for the tech generation (Help Net Security) This generation is even more digitally savvy. They have never lived in a world without the internet, meaning they expect technology at every turn.

Design and Innovation

How to Build a More Resilient Power Grid (IEEE Spectrum: Technology, Engineering, and Science News) During big storms, falling trees cause more damage to power grids than strong winds

The Creator of Signal Has a Plan to Fix Cryptocurrency (WIRED) MobileCoin aims to make cryptocurrency transactions quick and easy for everyone, while still preserving privacy and decentralization.

The Bitcoin Experiment (The Cipher Brief) The launch of Bitcoin futures trading is a good moment to consider the cyber and wider security issues raised by this and other cryptography-based currencies. It is worth making the distinction between the blockchain technology underpinning Bitcoin, and Bitcoin as a currency or investment. The second has generated heat and headlines, but it is the technology itself that is …

What zero-knowledge proofs will do for blockchain (VentureBeat) Zero-knowledge (ZK) proofs are generating excitement in financial circles lately due to their potential for increasing privacy and security for blockchain participants.

Mozilla Slipped a ‘Mr. Robot’-Promo Plugin into Firefox and Users Are Pissed [Updated] (Gizmodo) Mozilla sneaked a browser plugin that promotes Mr. Robot into Firefox—and managed to piss off a bunch of its privacy-conscious users in the process.

Twitter today starts enforcing new rules around violence and hate (TechCrunch) Twitter today says it will begin to enforce new rules related to how it handles hateful conduct and abusive behavior taking place on its platform. The changes..

New Facebook algorithm update attempts to quell “engagement bait” posts (Ars Technica) Posts that only want your clicks won't appear as often on news feeds any more.

Research and Development

We need to talk about mathematical backdoors in encryption algorithms (Register) Yo, NSA maths chaps, can you hear me? – Black Hat man

DARPA's SDR Hackfest tackles UAVs, electromagnetic spectrum, and communications challenges (Military Embedded Systems) The Defense Advanced Research Projects Agency's (DARPA) Bay Area Software Defined Radio (SDR) Hackfest concluded last month displaying innovative ideas on the challenging communications issues that stem from the electromagnetic (EM) spectrum along with the propagation of wireless-enabled devices.

Social media is bad for your mental health, Facebook admits (Times) Facebook has finally conceded that social media can harm mental health but it proposed that users improve their wellbeing by posting more updates and comments. Academic studies have raised concerns...

Academia

UMSL earns only NSA, DHS focus area specialization within 9-state region (UMSL Daily) The recognition expands on UMSL's designation as a National Center of Academic Excellence in Cyber Defense Education.

How parents of kid hacker raise a cyber whizz and deal with naysayers (The Straits Times) At five, Reuben Paul came up with his first video game - a simple program where big fishes chase and eat smaller ones.

Legislation, Policy, and Regulation

Serious progress made on the Wassenaar Arrangement for global cybersecurity (TheHill) More than 40 nations gathered this month to update the Wassenaar Arrangement, which governs the international use and sale of cyber weapons.

Cyber security at nuclear facilities (Bulletin of the Atomic Scientists) The current political climate makes it difficult for the United States and Russia to cooperate on cyber security, but they can start by supporting other nations that have civilian nuclear facilities.

Cyber warfare: Our Achilles’ heel? (Dhaka Tribune) The case for improving our cyber-security capabilities

America has banned China firms from doing THIS – EU and UK welcomes them (Express) THE US has banned a Chinese tech giant from bidding for government contracts over fears Beijing will use the opportunity to steal information - the EU and the UK however, are not following suit.

Body meant to resolve cases of cyber fraud near defunct (The Sunday Guardian) A premier body with judicial powers to resolve cases of cyber fraud in the country legally, has remained as good as defunct even after being merged with another body in April this year.

China a ‘competitor’ in Trump’s security strategy, officials say (South China Morning Post) US leader may also reverse Barack Obama’s declaration that climate change is a threat to security, official says

Net Neutrality Ends: Now What are the Possibilities? (BeyondTrust) The end of net neutrality places the United States into unknown territory for Internet access...

Senators to introduce bipartisan bill to prevent foreign cyber interference in elections (CBS News) The bill comes ahead of the 2018 midterm election season

Wicker, Senators Introduce "Internet of Things" Consumer TIPS Act (Mississippi News Now) U.S. Senators Maggie Hassan (D-NH) and Roger Wicker (R-MS) announced the "Internet of Things Consumer Tips to Improve Personal Security Act (IoT Consumer TIPS Act) of 2017" today. The bill would re...

Litigation, Investigation, and Law Enforcement

Putin thanks Trump for intelligence that prevented St Petersburg terror attack (The Telegraph) Russian President Vladimir Putin called US President Donald Trump on Sunday to thank the Central Intelligence Agency for relaying information that led to the arrest of several individuals since Friday suspected of plotting terrorist attacks in St.

Long Island woman allegedly used Bitcoin to fund ISIS (FDD's Long War Journal) Zoobia Shahnaz allegedly defrauded financial institutions as part of a scheme to fund the Islamic State. She is also accused of seeking to join the so-called caliphate this past summer. Shahnaz was stopped for questioning at JFK International Airport on July 31, but not arrested until this week.

US says did everything possible to help Italy cyber investigation (CNBC) The United States has denied suggestions it undermined an investigation into a massive data breach at the Italian cybersecurity firm Hacking Team

How One of Australia's Richest Men Lost $1 Million in Email Scam (Bloomberg) The multi-millionaire founder of Twynam Agricultural Group Pty Ltd. lost $1 million in an email fraud, a London court heard Thursday. The British man who facilitated the theft says he’s a victim too.

Here’s the letter alleging Uber spied on individuals for competitive intelligence (Recode) The letter has been submitted as evidence in Alphabet’s lawsuit against Uber.

Feds moving quickly to cash in on seized bitcoin, now worth $8.4 million (Ars Technica) Authorities seized 513 BTC and 512 BCH from a suspected Dark Web dealer.

Hacker "Courvoisier" Pleads Guilty to Attacks on Uber, Groupon, T Mobile, Others (BleepingComputer) A UK man living in a caravan park pleaded guilty last week to cyber-attacks on 17 websites and selling stolen user information on the Dark Web.

Palantir Investor Says Company Sabotaged Stock Sale to Chinese (Bloomberg.com) One of Palantir Technologies Inc.’s early investors accused the data-mining startup of sabotaging his attempt to sell his $60 million stake to a Chinese company so directors and executives could enrich themselves by selling their stock instead.

Trump insists he won’t fire Mueller from Russia inquiry (Times) President Trump has quashed rumours that he planned to fire Robert Mueller, amid accusations from Republicans that the special counsel’s Russia investigation was biased. Asked on his return to...

Secrets the FBI Shouldn’t Keep (Wall Street Journal) Sen. Ron Johnson demands answers about the bureau’s political biases.

Was the Steele Dossier Used to Obtain a FISA Warrant Against Trump’s Campaign? (National Review) We need to know the answer.

GOP senator: FBI agent's political text messages don't taint all of Robert Mueller's investigation (Washington Examiner) “Obviously I don't think it taints the entire process but certainly taints that season of it, something should look at with any political in...

FBI officials’ text message about Hillary Clinton said to be a cover story for romantic affair (Washington Post) Republican critics of the bureau have seized on the message, saying it’s proof of political bias.

GOP chairman worried by Trump's stance on Russian interference (TheHill) “I think there is a lot of, for whatever reason, avoidance of the issue," Rep. Michael McCaul said.

Bad split develops between Trump, intel community (Las Vegas Review-Journal) Michael Morrell, former acting head of the CIA under Barack Obama, says he may have contributed to President Donald Trump’s distrust of the intelligence community by endorsing Hillary Clinton…

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

International Conference on Cyber Security: Forging Global Alliances for Cyber Resilience (New York, New York, USA, January 8 - 11, 2018) The Federal Bureau of Investigation and Fordham University will host the Seventh International Conference on Cyber Security (ICCS 2018) on January 8-11, 2018, in New York City. ICCS is held every eighteen...

2018 Leadership Conference (Arlington, Virginia, USA, January 17 - 19, 2018) We invite you to join us for this unique opportunity to share information, participate in leadership training, collaborate on solutions to common problems, and network with peers from around the globe.

Connected Medical Device & IOT Security Summit (Baltimore, Maryland, USA, January 25 - 26, 2018) The Summit will offer practical solutions to many of the daunting security challenges facing medical device and connected health technology companies, healthcare providers, payers and patients. The program...

CyberUSA (San Antonio, Texas, USA, January 29 - 30, 2018) The CyberUSA Conference will be held in San Antonio, TX at the Henry B. Gonzalez Convention Center on Tuesday, January 30, 2018. A welcome reception will be held on the evening of Monday, January 29, 2018.
