Daily briefing.

A CyberWire Daily News Briefing redesign is almost here.

We expect to complete redesigning our email soon, the better to avoid falling into spam traps or becoming enmeshed in the array of anti-phishing measures enterprises increasingly deploy. You've seen some of the changes already with our addition of inline links to our summary.

With the new format you'll see fewer links to suggested reading in the email itself. That selected reading will remain present in its entirety on our website, posted as always with the appropriate Daily News Briefing. We hope you'll find the new format more user-friendly. As always, thanks for subscribing and reading.

China has demanded that Canada release Huawei CFO Meng from custody (Telegraph), but in custody she seems likely to remain. The US is investigating not only violation of sanctions imposed on Iran, but financial crimes as well (CRN). Huawei remains under suspicion in all Five Eyes of posing a security risk (CNBC). The Australian Signals Directorate warns that Huawei’s devices could pose a threat to water and power infrastructure were they to be used in 5G networks (Wall Street Journal). Nor is such suspicion confined to the Five Eyes: Japan has decided to exclude both Huawei and ZTE from government contracts (Reuters).

The arrest is taken as a strong signal of US determination to enforce sanctions (Wall Street Journal). It’s also believed likely to sharpen the ongoing Sino-American trade war, with IT market leadership at stake (Bloomberg). Observers wonder whether China will retaliate for US measures against Huawei and ZTE, and Russia for Kaspersky’s exclusion from US Government systems, with their own legal or extralegal action against US companies (Washington Post). A large Chinese information operations campaign seems already to form part of a response (Guardian).

Proofpoint warns of an emerging threat to US retailers. "TA505," the criminal group behind Locky and Dridex, uses highly "personalized" attachments in a phishing campaign that spreads Remote Manipulator System and FlawedAmmyy malware.

Kaspersky describes a crime wave that's cost Eastern European banks millions. ZDNet calls it a "Hollywood hack": the criminals attach small, cheap hardware to a bank's networks, then remotely drain funds.

Notes

Today's edition of the CyberWire reports events affecting Australia, Canada, China, Ecuador, France, Germany, New Zealand, Russia, Singapore, United Kingdom, United States.

A note to our readers: today is Pearl Harbor Day, marking the seventy-seventh anniversary of the battle that brought the US into the Second World War. The generation that served in that war is passing quickly. This year, for the first time, no survivors of the USS Arizona will be on hand to take the salute in Oahu (they're all too frail to make the trip). Spare a thought for those who served, and consider paying them respect while they're still with us.

In today's podcast, up later this afternoon, we speak with our partners at Accenture, as Justin Harvey describes what should be in your incident response “go bag.” Our guest is New York Times national security correspondent David E. Sanger, discussing his latest book The Perfect Weapon.

Cyber Attacks, Threats, and Vulnerabilities

Inside China's audacious global propaganda campaign (the Guardian) The long read: Beijing is buying up media outlets and training scores of foreign journalists to ‘tell China’s story well’ – as part of a worldwide influence campaign of astonishing scope and ambition

TA505 targets the US retail industry with personalized attachments (Proofpoint) Proofpoint researchers describe recent campaigns in which actors use targeted lures to go after retailers.

Kaspersky: Physical devices used to steal 'tens of millions' from Eastern Europe banks (Cyberscoop) Researchers dubbed the scheme "DarkVishnya" and said attackers intruded in-person to plant malicious devices on banks' networks to steal money.

Eastern European banks lose tens of millions of dollars in Hollywood-style hacks (ZDNet) Cybercriminals leave laptops, Raspberry Pi boards, and USB thumb drives connected to banks IT networks.

415,000 routers infected by cryptomining malware - Prime target MikroTik (HackRead) According to a new report, around 415,000 routers throughout the world are infected with malware having the potential to steal computer resources and discreetly mine for the cryptocurrency.

Lokibot campaigns continue with some changes to C2 urls (My Online Security) Seeing some changes to Lokibot with this malware delivery campaign overnight. I don’t know if it is a complete change to the C2 url naming convention or whether it is only this particular actor using…

Infected WordPress Sites Are Attacking Other WordPress Sites (Threatpost) Researchers identified a widespread campaign of brute force attacks against WordPress websites.

Is it Time to Uninstall Flash? (If you haven't already) (SANS Internet Storm Center) If you haven't uninstalled Flash yet, maybe today should be that day.

22 apps with 2 million+ Google Play downloads had a malicious backdoor (Ars Technica) Device-draining downloader used for ad fraud could have recovered other malicious files.

Google’s private browsing doesn’t keep your searches anonymous (Naked Security) DuckDuckGo says you can go right ahead and log out of Google, then enter private browsing mode, but you’ll still see tailored search results.

Millions cut off for day after O2 mobile network goes down (Times) Tens of millions of Britons were affected when the O2 data network crashed yesterday, leaving them unable to use the internet on their phones or in some cases to make calls. The operator, which...

Ericsson apologises for O2 network outage (Computing) The data network crash, which affected millions of people worldwide, was caused by an expired software certificate

Kids’ VTech tablets vulnerable to eavesdropping hackers (Naked Security) Attackers can boobytrap what should be access to only parent-vetted sites and can take over the webcam, speakers and microphone.

Bethesda Accidentally Leaked Personal Data of ‘Fallout 76’ Customers Looking for Help (Motherboard) The game publisher accidentally sent support ticket information to customers using its help desk.

Two U.S. hospitals dealing with ransomware attack (TechGenix) An especially heartless group of hackers hit hospitals with ransomware that made them unable to accept patients from emergency service transports.

Security Patches, Mitigations, and Software Updates

December Patch Tuesday forecast: Let it snow, let it snow, let it snow (Help Net Security) Grab your shovels, dust off the snow blower, and bundle up. The way patches are accumulating this month is making me think of winter in Minnesota. I’m

Microsoft rolls out KB4471331 for Adobe Flash Player zero-day vulnerability (MSPoweruser) Microsoft has rolled out a new cumulative update for Windows 10 users which brings a fix for Adobe Flash Player’s zero-day vulnerability. The vulnerability was earlier identified by researchers and allowed attackers to execute arbitrary code on vulnerable machines. The update is being released to all the supported Windows 10 versions including October 2018 Update as …

Cyber Trends

Why Data Breaches are all About Trust (Infosecurity Magazine) When it comes to computer security, we require trust more than most.

Half of management teams lack awareness about BPC despite increased attacks (Help Net Security) Trend Micro revealed that 43 percent of surveyed organizations have been impacted by a Business Process Compromise (BPC).

Two-Fifths of Firms Have Suffered 'BPC' Attacks (Infosecurity Magazine) Trend Micro warns of business process compromise

Nokia: IoT Botnets Comprise 78% of Malware on Networks (Infosecurity Magazine) Exploitation of poor device security is a growing threat

Axiomatics Unveils Critical Data Security Trends for 2019 (PRWeb) The top 2019 data security trends were released today by Axiomatics, the leader in externalized, fine-grained dynamic authorization. This year’s trends highlight

Kaspersky foresees cryptomining malware on the rise in 2019 (TASS) At the same time, it is likely that mass encryption will be much less used in mass cyberattacks in 2019, the experts predict

UK Consumers Have Lost £500 Each Through Online Crime (Infosecurity Magazine) GMX study claims 40% have fallen victim

Marketplace

UK partners fight Huawei's corner after CFO arrest and 5G snub (CRN) UK partners dismiss latest headlines as 'propaganda' and a 'political event' as they throw weight behind Chinese vendor

Cybersecurity jobs expected to be in high demand in Canada, experts say (Global News) A recent Deloitte study found that Canadian companies will be hiring over 8,000 cybersecurity experts over the next two years.

Singapore announces new grant to enhance cybersecurity capabilities (CISO MAG) The grant provided under the Financial Sector Technology and Innovation Scheme (FSTI) will co-fund up to 50 percent of expenses in Singapore-based financial institutions to establish their global or regional cybersecurity centers of excellence in the country.

Singtel Innov8 leads A$22m Series B in Australia’s Data Republic with SIA taking a stake - WIT (WIT) Singtel Innov8 leads A$22m Series B in Australia’s Data Republic with SIA taking a stake; to use funds for expansion in Asia.

IBM to offload some software products in US$1.8b deal (CRN Australia) Sold to Indian software services company HCL Technologies.

Former DHS and Secret Service Leader Dr. Cedric Sims Joins Booz Allen Hamilton (Hastings Tribune) Booz Allen Hamilton (NYSE: BAH) announced today that Dr. Cedric Sims, a respected homeland security expert whose career has included leadership positions with both the Department

Products, Services, and Solutions

New infosec products of the week: December 7, 2018 (Help Net Security) Juniper Networks updates JATP Appliances to prioritize cyber threats from any security source Juniper Networks released new offerings as part of its

Venafi and DigiCert Machine Identity Protection Partnership Delivers New Solution for Large-Scale Enterprise PKI (BusinessWire) The combined solution enables organizations to customize and orchestrate PKI and machine identity protection at machine speed and scale

CyberX Joins McAfee Security Innovation Alliance (SIA) (GlobeNewswire News Room) CyberX Platform Delivers Continuous Visibility into OT Risk for Industrial & Critical Infrastructure Organizations

Token and Almoayed Technologies bring Open Banking to MENA region (Payers) Turnkey open banking platform provider Token has partnered with Almoayed Technologies, the MENA region’s technology infrastructure development company.

New software ‘gives instant insights into cyber risk’ (IBS Intelligence)

DataStax announces DataStax Enterprise 6.7 (Help Net Security) DSE 6.7 delivers the distribution of Apache Cassandra with support for operational analytics, geospatial search, data protection in the cloud.

ISR Partners with Yubico to Support New FIDO2 Passwordless Authentication Technology (PR Newswire) International Systems Research Co. (ISR), a certified Google Cloud Premier Partner and cloud security solutions provider,...

Technologies, Techniques, and Standards

At the CIA, a fix to communications system that left trail of dead agents remains elusive (Yahoo News) From 2009 to 2013, the CIA’s online method of communicating with its sources was compromised — leading to the exfiltration, imprisonment or death of dozens of people. And the problem is proving hard to fix.

Do you know about the power of privileged access? (Computing) Attackers often target superuser accounts with access to data and systems - how do you protect them?

Tools from ‘cyber carrier’ could be available this spring (Fifth Domain) The Unified Platform team is expected to deliver a minimal viable product in the spring.

Secure Code Dojo: How to Defeat SQL Injection (Insights: Secure Code Warrior) Attackers are using SQL injection - one of the oldest (since 1998!) and peskiest data vulnerabilities out there - to steal and change the sensitive information available in millions of databases all over the world.

Automating for Endless zero-days (SC Media) By Derek Manky, chief of security insights & global threat alliances, Fortinet The number of vulnerabilities available to cybercriminals continues to

Don’t Get Phished – 7 Tips to Avoid This Common Cyber Attack (Security Boulevard) Phishing is the most common type of cyber-attack that impacts organizations both large and small. These attacks may take many forms, but they all share a common goal – getting you to share sensitive information such as login credentials, credit card information, or bank account details. Unfortunately, some of the more common ways we might…

Design and Innovation

Canada, France Plan Global Panel to Study the Effects of AI (WIRED) The International Panel on Artificial Intelligence will be modeled on a group formed in 1988 to study climate change and recommend government policies.

Microsoft Wants to Stop AI’s 'Race to the Bottom' (WIRED) Microsoft President Brad Smith calls for regulation of facial-recognition technology, to curb potential bias and invasions of privacy.

Bank of America Tech Chief Defines Responsible AI Projects (Wall Street Journal) The key to responsible use of artificial intelligence begins with understanding the specific problem that companies are trying to solve, said Cathy Bessant, chief operations and technology officer for Bank of America Corp.

AI and ML latest: Stop using text-based captchas - AI can crack them in 0.05 seconds (Computing) 'Given the high success rate of our approach for most of the text captcha schemes, websites should be abandoning captchas'

This Company Wants to Use the Blockchain to Stop Phishing (WIRED) MetaCert has classified 10 billion URLs as either safe, a suspected source of phishes, or unknown.

Tumblr's Porn-Detecting AI Has One Job—and It's Bad at It (WIRED) The blogging platform has a new policy forbidding "adult content"—but lots of innocuous posts are getting caught in the fray.

YouTube tells impersonation victim: No, you’re not being impersonated (Ars Technica) TOS enforcement only came after public shaming, pressure from author's publisher.

Research and Development

Beagle sniffs out email scammers (GCN) By building visual representations of the connections in the data, Beagle makes it much easier to connect the dots and ultimately understand how scam networks operate.

Meet Norman AI; the American Psycho of Digital World (TechEngage) MIT's Norman AI is officially declared psychopath as the world's first psychopath AI passes Rorschach Test. Meet Norman a digital psychopath by MIT.

IBM AI researchers say ‘what is the question’ is the real question (ZDNet) IBM AI technology lead, John Smith, and principal research scientist Kush Varshney talk with ZDNet about how the company endeavors to broaden the discipline from “narrow AI” to something more fit for the rigours of industry. Defining what the actual problem is that one is trying to train neural networks for seems to be a big part of what makes AI work or not work, they suggest.

Academia

UCF Cyber Defense Team wins national cybersecurity competition (WFTV) A team from the University of Central Florida has won a national cybersecurity competition.

Mercy College Awarded Grant from National Security Agency to Develop D (PRWeb) DOBBS FERRY, N.Y. (PRWEB) December 06, 2018 Mercy College has received a grant of more than $80,000 from the National Security Agency under the Department of Defense (DoD) Cybersecurity Scholarsh

Legislation, Policy, and Regulation

Huawei CFO Arrest Shows U.S. Intent on Enforcing Sanctions, Lawyers Say (Wall Street Journal) The arrest in Canada of Huawei Technologies Co.’s finance chief shows the lengths to which the U.S. government will go when pursuing alleged violations of its sanctions on Iran, lawyers said.

Why Huawei arrest deepens conflict between US and China (Washington Post) Huawei arrest complicates US-China trade talks, illustrating an underlying clash over technology

Huawei CFO’s Arrest Deals a Blow to Xi Jinping’s Drive for China Tech Supremacy (Wall Street Journal) The arrest of Meng Wanzhou, a senior executive of Huawei Technologies, intensifies the confrontation in the already divisive China-U.S. negotiations on trade, striking at Chinese President Xi Jinping’s ambitions to make the country a tech superpower.

Meng’s arrest could plunge US, China into high-tech Cold War (Asia Times) The fallout from the decision to detain the daughter of Huawei founder Ren Zhengfei has rocked markets and left trade war talks hanging by a thread

Huawei Reveals the Real Trade War With China (Bloomberg) If the U.S. loses its lead in furniture making, big deal. The same can't be said of high tech.

Why the US government is so suspicious of Huawei (CNBC) The U.S. government has spent the better part of the last decade taking issue with Huawei over topics including the firm's alleged espionage ties to the Chinese government and allegations of a long history of intellectual property theft.

Japan government to halt buying Huawei, ZTE equipment: sources (Reuters) Japan plans to ban government purchases of equipment from China's Huawei Te...

On Huawei and 5G, Canada must unapologetically pursue our national interest (The Globe and Mail) The red flags become too numerous to ignore: a technology giant with a close relationship with the Chinese government, one with a history of cyberespionage

Canada Faces Pressure to Ban Huawei Equipment (Wall Street Journal) Canada’s detention of a senior executive at Huawei Technologies comes at a time when Ottawa is under intense pressure to prohibit the use of the Chinese company’s gear in its telecommunications networks.

Water, Electricity Would Be at Risk in Attacks on 5G Networks, Australian Intelligence Chief Says (Wall Street Journal) The head of Australia’s top military cyber defense agency explained why Chinese companies were blocked from the rollout of new telecommunications technology, as the pushback against Huawei gains strength.

Aussie Surveillance Law Imperils Secure Comms (Infosecurity Magazine) Hastily passed legislation apes the infamous UK Snooper’s Charter

Australian leader says cybersecurity laws urgently needed (AP NEWS) New Australian cybersecurity laws that force global technology companies such as Facebook and Google to help police by unscrambling encrypted messages sent by extremists and other criminals were urgently needed to safeguard Australia, the prime minister said Friday. The legislation was passed by the Senate late Thursday, the last day Parliament sat in 2018. While the opposition Labor Party agreed to support the legislation as an emergency measure because of concerns that extremists could target Christmas-New Year crowds, party lawmakers said they want amendments passed when Parliament resumes in February.

Analysis | The Cybersecurity 202: The U.S. got tough on Kaspersky and Huawei. Will Russia and China retaliate? (Washington Post) The bans could have ripple effects for American companies.

A New Old Threat: Countering the Return of Chinese Industrial Cyber Espionage (Council on Foreign Relations) China is conducting cyber-enabled theft of U.S. intellectual property to advance its technological capabilities. To combat the problem, the United States should build a multinational coalition, sanction Chinese companies, and strengthen cyber defenses.

Election hacking will come to a ‘breaking point,’ says Dem strategist (TheHill) Democratic strategist Estuardo Rodriguez warns election hacking will eventually come to a “breaking point,” saying the federal government needs to find a way to address cyber threats against the U.S.

#SubOversight Report Details Recommendations for Addressing Cybersecurity Vulnerabilities - Energy and Commerce Committee (Energy and Commerce Committee) The Subcommittee on Oversight and Investigations, chaired by Rep. Gregg Harper (R-MS), today released a cumulative report identifying core strategies to addressing and preventing cybersecurity incidents. The report summarizes the committee’s work and conclusions drawn from dozens of briefings, hearings, letters, reports, and roundtables, and provides six specific priorities for more effective …

Text - S.2397 - 115th Congress (2017-2018): Department of Homeland Security Data Framework Act of 2018 (115th Congress) To direct the Secretary of Homeland Security to establish a data framework to provide access for appropriate personnel to law enforcement and other information of the Department, and for other purposes.

Portman, Hassan Introduce Bipartisan Public-Private Cybersecurity Cooperation Act to Bolster Cybersecurity | U.S. Senator Maggie Hassan of New Hampshire (Office of Senator Hassan) The Official U.S. Senate website of Senator Maggie Hassan of New Hampshire

Wyden DHS malvertising letter (Washington Post) Letter from Sen. Ron Wyden, D-Ore., to the Homeland Security Department about malicious ads on federal networks.

Litigation, Investigation, and Law Enforcement

China demands Canada release Huawei executive embroiled in spying row (The Telegraph) China on Thursday demanded Canada release a Huawei Technologies executive who was arrested in a case that adds to technology tensions with Washington and threatens to complicate trade talks.

Huawei probe includes bank fraud accusations (CRN Australia) Off the heels of CFO Meng Wanzhou's arrest.

Facebook Defends Data Policies On Heels of Incriminating Internal Docs (Threatpost) The company allegedly tried to hide away new policy changes that would collect Android app users' call and message logs.

Mark Zuckerberg [notes on Parliamentary inquiry, and email release] (Facebook) This week a British Parliament committee published some internal Facebook emails, which mostly include internal discussions leading up to changes we made to our developer platform to shut down...

Julian Assange rejects UK-Ecuador deal for him to leave the embassy (The Telegraph) Julian Assange's lawyer has rejected an agreement announced by Ecuador's president to see him leave the Ecuadorean embassy in London, after six years inside.

Republicans hacked after hiring the Democrats' cyber-security firm, Crowdstrike (American Thinker) Why on Earth would the National Republican Congressional Committee hire the same firm that allowed the Democrats' emails to be hacked as its own cyber-security consultant? In fact, Crowdstrike is the same firm that claimed that it was the Russians who hacked the Dems after then-DNC head Debbie Wasserman Schultz reportedly refused to let the FBI examine the computers.

Unencrypted medical data leads to 12-state litigation (Naked Security) The attorneys general of 12 states are suing an e-record provider who lost 3.9 million personal healthcare records in 2015.

Former FBI director Comey to testify in House GOP probe (Washington Post) The former FBI director is one of the final witnesses expected to be interviewed in the investigation of how federal law enforcement handled probes of President Trump and Hillary Clinton, before Democrats take over the House.

Atlanta didn’t pay 6 Bitcoin cyber attack ransom, officials confirm (al.com) Atlanta didn't pay a ransom demanded by hackers earlier this year.

Verizon Dinged Again For Privacy Violations, This Time For Slinging Personalized Ads To Kids (Techdirt) Oh Verizon. For years we've noted how the company's consumer privacy practices are utterly abysmal. Like that time in 2016 when Verizon was fined a relative pittance by the FCC for modifying user wireless packets so it could covertly track...

A third of Germany's small, medium-sized firms have been spied on (Reuters) One third of Germany's small- and medium-sized companies have been spied on...

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

ISC West 2019 (Las Vegas, Nevada, USA, April 10 - 12, 2019) ISC West is THE largest security industry trade show in the U.S. At ISC West, you will have the chance to network with over 30,000 security professionals through New Products & Technologies encompassing...

10th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 5, 2019) The mission of Billington CyberSecurity is to bring together thought leaders from all sectors to examine the state of cybersecurity and highlight ways to enhance best practices and strengthen cyber defenses...

Upcoming Events

International Cyber Risk Management Conference (Hamilton, Bermuda, December 6 - 7, 2018) Now in its fourth year in Canada, the International Cyber Risk Management Conference (ICRMC) has earned a reputation as one of the world’s most trusted cyber security forums. We are proud to bring ICRMC...

2018 Cloud Security Alliance Congress (Orlando, Florida, USA, December 10 - 12, 2018) Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such...

Wall Street Journal Pro CyberSecurity Executive Forum (New York, New York, USA, December 11, 2018) The WSJ Pro Cybersecurity Executive Forum will bring together senior figures from industry and government to discuss how senior executives can best prepare for hacking threats, manage breaches, and work...

National Cyber League Fall Season (Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...

SINET Global Institute CISO Series (Scottsdale, Arizona, USA, January 15 - 16, 2019) By invitation only. These intimate CISO workshops address the challenges that Board of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise...

CPX Asia 360 2019 (Bangkok, Thailand, January 21 - 23, 2019) CPX 360 - the industry’s premier cyber security summit and expo - brings together the world’s leading cyber security experts to one venue. Gain a deep understanding of current challenges cyber security...
