Looking for an introduction to AI for security professionals?
Your wait is over. A new book is out from the Cylance data science team, covering artificial intelligence and machine learning techniques in practical situations to improve the security professional’s ability to thrive in a data driven world. Whether you are reviewing logs or analyzing malware, being able to derive meaningful results and improve productivity is key. Order your free copy today.
December 18, 2017.
By The CyberWire Staff
Security experts continue to mull the significance of the Triton/Trisis hack, disturbing in that it was designed to manipulate industrial safety systems. Control Global's Unfettered blog has a number of interesting points to make. First, there are some noteworthy similarities to Stuxnet (in apparent goals and approach). Stuxnet happened seven years ago, and Triton still came as a surprise. Second, comingling control and safety systems results in a loss of safety. The plant Triton attacked escaped catastrophic damage because it was saved by its "hard-wired analog safety systems."
North Korea's Lazarus Group again pursues Bitcoin (whose market price continues its fast rise). Some researchers report signs of a similar Russian interest in the cryptocurrency.
Researchers at F5 Networks report a Monero mining campaign, "Zealot," which is exploiting the same Apache Struts vulnerability used to breach Equifax. It's also deploying EternalBlue and EternalSynergy, exploits the Shadow Brokers leaked earlier this year, saying they were taken from NSA.
Cryptocurrency exchange Bitfinex sustained another large distributed denial-of-service campaign yesterday.
A database (MongoDB) of California voters was found exposed online and compromised by attackers late last week. The data appear to have been compiled by some third party, not the State of California, which says its systems and data are secure. California is investigating.
After turning down an offer from Atos last week, Gemalto has agreed to be acquired by Thales for a reported sum of nearly $4.5 billion.
Facebook acknowledges that research indicates Facebook may impair mental health, and so prescribes more Facebook.
Today's edition of the CyberWire reports events affecting Australia, Bangladesh, European Union, India, Iran, Democratic Peoples Republic of Korea, Pakistan, Russia, Saudi Arabia, Singapore, United Kingdom, United States.
A note in memoriam: Teddy Draper, Sr., one of the last of the US Marine Corps Navajo codetalkers of the the Second World War, has passed away at the age of 96. Semper fi, Mac; ave atque vale.
How are you handling your cloud monitoring and security?
Cloud providers offer many security measures, but you’re ultimately responsible for securing your own data. While 53% of organizations are training their staff to manage cloud security, 30% of organizations plan to partner with an MSP. In our white paper, we discuss the considerations you need to make before choosing a solution.
Earn a master’s degree in cybersecurity from SANS(Online, December 21, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Thursday, December 21st, at 12:00pm noon ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.
Cyber Attacks, Threats, and Vulnerabilities
A New Industrial Hack Highlights the Cyber Holes in Our Infrastructure(MIT Technology Review) Freshly discovered malware called Triton can compromise safety systems that control many kinds of industrial processes. For years, security experts have been warning that hackers can disable systems that control critical infrastructure we all rely on, such as dams and power plants.
New TRITON ICS Malware is Bold and Important(Nozomi) FireEye [full disclosure, FireEye is a partner of Nozomi Networks], has reported that it has recently worked with an industrial operator whose facility was attacked by a new type of ICS malware, which they are calling TRITON.
Implications of the Triconex safety system hack – Stuxnet part 2?(Control Global) The Triconex safety systems and Stuxnet cyber attacks bear interesting similarities. Both were nation-state hacking of control system networks through operators’ Windows-based workstations to download alternate control system logic, affected safety systems that were connected to non-safety systems, and used hacking methodologies that can applied to other ICS vendors.
McMaster Accuses Russia of Subversion, Kremlin Reacts(Atlantic Council) US National Security Advisor Lt. Gen. H.R. McMaster and his team deserve credit for clear expression of the threat to the United States from autocratic, revisionist powers, especially Russia. Outlining the new National Security Strategy (NSS) to be...
Kremlin's new cyber weapons spark fears and fantasies(Yahoo! News) From Donald Trump's election to Brexit and the Catalan crisis, accusations that the Kremlin is meddling in Western domestic affairs have heightened fears over Russian hackers, trolls and state-controlled media. While the first accusations against Moscow came following a 2016 hack attack on the US
New GnatSpy Mobile Malware Family Discovered(TrendLabs Security Intelligence Blog) Earlier this year researchers first disclosed a targeted attack campaign targeting various sectors in the Middle East. This threat actor was called Two-tailed Scorpion/APT-C-23. Later on, a mobile component called VAMP was found, with a new variant (dubbed FrozenCell) discovered in October.
Loapi malware capable of destroying Android phones(CSO Online) Kaspersky Lab researchers discovered a new versatile malware capable of cryptocurrency mining, launching DDoS attacks and so much more that it destroyed the Android phone after two days of testing.
Zeus Panda Banking Trojan Targets Online Holiday Shoppers(Proofpoint) Banking Trojans work by injecting code into web pages as they are viewed on infected machines, allowing the malware to harvest banking credentials and credit card information as victims interact with legitimate sites.
Security Patches, Mitigations, and Software Updates
Siemens to boost R&D spending by €450 million(MarketWatch) Siemens AG (SIE.XE) said Friday that investments in research and development will rise an additional 450 million ($530.6 million) in fiscal 2018 as it tries to accelerate its innovation process.
Thales launches Digital Business Unit(Gigabit) Thales, a global technology leader for the aerospace, transport, defence and security markets, has announced that it will be regrouping its digital assets under a new Digital Business Unit, beginning 1 January 2018.
This U.K. Cyber Upstart Is Beating Silicon Valley Giants(Bloomberg) In a world where protecting against cyber crime is high on most big business agendas, a U.K. provider of IT security to clients as small as dentists and neighborhood stores is outpacing the best that Silicon Valley has to offer.
What can cyber do for you, the commander?(C4ISRNET) As the Army is testing new capabilities for cyber and electronic warfare at the tactical edge, these capabilities must be able to meet the commanders' needs.
The Bitcoin Experiment(The Cipher Brief) The launch of Bitcoin futures trading is a good moment to consider the cyber and wider security issues raised by this and other cryptography-based currencies. It is worth making the distinction between the blockchain technology underpinning Bitcoin, and Bitcoin as a currency or investment. The second has generated heat and headlines, but it is the technology itself that is … Continue reading "The Bitcoin Experiment"
Cyber security at nuclear facilities(Bulletin of the Atomic Scientists) The current political climate makes it difficult for the United States and Russia to cooperate on cyber security, but they can start by supporting other nations that have civilian nuclear facilities.
Long Island woman allegedly used Bitcoin to fund ISIS(FDD's Long War Journal) Zoobia Shahnaz allegedly defrauded financial institutions as part of a scheme to fund the Islamic State. She is also accused of seeking to join the so-called caliphate this past summer. Shahnaz was stopped for questioning at JFK International Airport on July 31, but not arrested until this week.
Palantir Investor Says Company Sabotaged Stock Sale to Chinese(Bloomberg.com) One of Palantir Technologies Inc.’s early investors accused the data-mining startup of sabotaging his attempt to sell his $60 million stake to a Chinese company so directors and executives could enrich themselves by selling their stock instead.
Bad split develops between Trump, intel community(Las Vegas Review-Journal) Michael Morrell, former acting head of the CIA under Barack Obama, says he may have contributed to President Donald Trump’s distrust of the intelligence community by endorsing Hillary Clinton…
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
2018 Leadership Conference(Arlington, Virginia, USA, January 17 - 19, 2018) We invite you to join us for this unique opportunity to share information, participate in leadership training, collaborate on solutions to common problems, and network with peers from around the globe.
Connected Medical Device & IOT Security Summit(Baltimore, Maryland, USA, January 25 - 26, 2018) The Summit will offer practical solutions to many of the daunting security challenges facing medical device and connected health technology companies, healthcare providers, payers and patients. The program...
CyberUSA(San Antonio, Texas, USA, January 29 - 30, 2018) The CyberUSA Conference will be held in San Antonio, TX at the Henry B. Gonzalez Convention Center on Tuesday, January 30, 2018. A welcome reception will be held on the evening of Monday, January 29, 2018.
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.