June 4, 2019.
By the CyberWire staff
In an 8-K filed this week with the US Securities and Exchange Commission, the large medical testing firm Quest Diagnostics disclosed that American Medical Collection Agency (AMCA), a third-party collection services firm, had notified Quest that AMCA detected unauthorized activity in its network. As reported by TechCrunch and others, the breach appears to have affected nearly 12 million people. The "unauthorized user" took personal data, medical information, and credit card numbers from AMCA, which believes the intruder was active from August 1 of last year until this past Friday.
Another apparent leak from someone close to Iran's cyber operations has released Jason, a tool designed to hijack Microsoft Exchange email accounts, BleepingComputer says. Jason is associated with OilRig (also known as APT34 or HelixKitten), generally attributed to Iran's Ministry of Intelligence and Security. The leaker or leakers, who go by Lab Dookhtegan, began releasing Iranian attack tools in March.
Eurofins Scientific, a Luxembourg-based provider of food, environmental, and pharmaceutical testing, disclosed yesterday that it sustained a ransomware attack over the weekend. The infection has impeded some IT operations, but appears to have been contained.
It seems increasingly unlikely that EternalBlue was involved in the ransomware attack on Baltimore. Researchers at Armor obtained attack code samples and found no signs of EternalBlue or other propagation mechanisms in what they told KrebsOnSecurity was "vanilla ransomware." Armor also has found communications from people claiming to be the attackers, but their responsibility can't be verified.
Today's issue includes events affecting China, Iran, Israel, Luxembourg, North Macedonia, Russia, Sri Lanka, United Arab Emirates, United Kingdom, United States.
Bring your own context.
So criminals go after the really valuable stuff, and steal it, and then resell it, right? Sometimes, but maybe not as much as they formerly did.
"Targeted ransomware is a lot different than your normal commodity ransomware. When you think about ransomware, you think about random emails showing up that have been blasted out to millions of people. Someone clicks a link and boom, their hard drive or their documents have all been encrypted with an automatically generated link that says click here, deposit a bitcoin into this wallet, and we'll email you the key. There has been a dramatic turn into something a little bit more nefarious. Now cyber criminals, instead of penetrating an organization and finding the high-value assets and taking them out of the enterprise, they're just simply encrypting them in place because they've realized that when you steal data, you have to monetize that. You run the risk of dealing with law enforcement. You've got to deal with the dark web and finding a buyer and registering in underground forums."
—Justin Harvey, global incident response leader at Accenture, on the CyberWire Daily Podcast, 5.31.19.
The criminal is not an artist. The criminal follows the path of least resistance to the money.
Cyber Howard Conference (Columbia, Maryland, United States, June 19, 2019) Join us for our 10th annual cyber conference in Howard County. We will tackle the topic of Cyber Sensemaking which is a fluid and continuous approach for establishing better defenses and best practices as a cyber community.
Cyber Warrior Women Summer Social: Sip and Paint (Columbia, Maryland, United States, August 21, 2019) Join the Cybersecurity Association of Maryland, Inc. (CAMI) for the annual Cyber Warrior Women Summer Social, an all-about-fun-and-networking event! We're adding an artistic element to this year's event with a wine glass painting exercise. No previous art experience required.
Quest Diagnostics says 11.9 million patients affected by data breach (TechCrunch) Medical testing giant Quest Diagnostics has confirmed a third-party billing company has been hit by a data breach affecting 11.9 million patients. The laboratory testing company revealed the data breach in a filing on Monday with the Securities and Exchange Commission. According to the filing, the …
8-K 1 ss138857_8k.htm CURRENT REPORT (US Securities and Exchange Commission) On May 14, 2019, American Medical Collection Agency (AMCA), a billing collections vendor, notified Quest Diagnostics Incorporated (“Quest Diagnostics”) and Optum360 LLC, Quest Diagnostics’ revenue cycle management provider, of potential unauthorized activity on AMCA’s web payment page. Quest Diagnostics and Optum360 promptly sought information from AMCA about the incident, including what, if any, information was subject to unauthorized access.
An APT Blueprint: Gaining New Visibility into Financial Threats (Bitdefender Labs) This new Bitdefender forensic investigation reveals a complete attack timeline and behavior of a notorious financial cybercriminal group, known as Carbanak. In mid-2018, Bitdefender researchers investigated a targeted attack on an Eastern European financial... #bitdefenderresearch #Carbanak #cobalt
New Phishing Scam Asks You to Manage Your Undelivered Email (BleepingComputer) A new phishing campaign is underway that pretends to be a list of undelivered email being held for you on your Outlook Web Mail service. Users are then prompted to decide what they wish to do with each mail, with the respective links leading to a fake login form.
Ransomware Attack Against Baltimore: Tweet from Hacker or Malicious Prankster? (Armor) Last Updated: 5/29/2019 Eric Sifford, security researcher with Armor’s Threat Resistance Unit (TRU), found new tweets on Saturday, May 25, 2019 and on Tuesday, May 28, 2019 from a Twitter account, which appears to be connected to the City of Baltimore ransomware attackers. Both tweets were directed squarely at Baltimore’s mayor, Bernard C. “Jack” …
Report: No ‘Eternal Blue’ Exploit Found in Baltimore City Ransomware (KrebsOnSecurity) For almost the past month, key computer systems serving the government of Baltimore, Md. have been held hostage by a ransomware strain known as “Robbinhood.” Media publications have cited sources saying the Robbinhood version that hit Baltimore city computers was powered by “Eternal Blue,” a hacking tool developed by the U.S. National Security Agency (NSA) and leaked online in 2017. But new analysis suggests that while Eternal Blue could have been used to spread the infection, the Robbinhood malware itself contains no traces of it.
Vulnerability Summary for the Week of May 27, 2019 (US-CERT) The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
How likely are weaponized cars? (Help Net Security) It is easy to become absorbed by the exaggerated Hollywood depictions of car hacking scenarios - to imagine a not-so-distant future when cars or their
County gets new firm to resolve cyber attack (Citizens' Voice) Luzerne County has hired a new vendor to help resolve a cyber attack that shut down most computers at the county courthouse, and hopes to have the system back up and running this week. That will not happen today, however. Most of the computer network at t
Security Patches, Mitigations, and Software Updates
A Reminder to Update Your Systems to Prevent a Worm (MSRC) On May 14, Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. In our previous blog post on this topic we warned that the vulnerability is ‘wormable’, and that future malware that exploits this vulnerability...
Trouble at the top: The boardroom battle for cyber supremacy (Nominet) In the current landscape of pervasive cyber threats, every business needs a clear strategy that outlines how to deal with and mitigate the risk of attack, as well as a response prepared should the worst happen. However, the lines are often blurred. At the top of every large organisation is a group of very knowledgeable, strong leaders, each with their own skillsets and opinions.
Q&A: Joseph Menn on the Cult of the Dead Cow (Decipher) In his new book on the Cult of the Dead Cow hacking group, Joseph Menn describes the environment that led to the cDc’s creation and why the group remains so influential after more than 35 years.
Intelligent ID Rebranded As innerView (PRWeb) OnGuard Systems is proud to announce the re-release of their flagship product, Intelligent ID, as the newly renamed innerView. Innovators in insider threat p
Forescout Adds Two New Board Members and Updates Its Board Chair (Yahoo) Forescout Technologies, Inc. (FSCT), the leader in device visibility and control, announced today the appointment of Kathy McElligott and Elizabeth Hackenson to its board of directors, effective immediately. McElligott currently serves as executive vice president, chief information officer and chief
Protecting Your Business Against Automated Intruders (New York Law Journal) Bots add value by facilitating the execution of online tasks at speeds and scales unreachable by human users. But the ubiquity of bots has a dark side, threatening both governmental and commercial institutions.
A Line in the Clouds: Whose Cybersecurity Goes Where? (New York Law Journal) The problem involved with assessing and addressing fair allocation of cybersecurity responsibilities, in a new kind of commercial relationship with interactive, interconnected and interdependent IT products and services, reflects the need for lawyers to evolve if they aspire to competently serve enterprise clients.
Why zero trust is crucial to compliance (Help Net Security) Zero trust verifies identity and payload each time an east-west movement is attempted, stopping the attack before data can be reached, much less breached.
How a Presidential Commission Was Tracking Hackers in 1996 (OODA Loop) The President's Commission on Critical Infrastructure Protection is often cited as one of the most important initiatives from the 1990s that advanced our cybersecurity programs in the U.S. The commission, which looked at cyber threats
Deterrence in Cyberspace (Project Syndicate) Understanding deterrence in cyberspace is often difficult, because our minds remain captured by an image of deterrence shaped by the Cold War: a threat of massive retaliation to a nuclear attack by nuclear means. A better analogy is crime: governments can only imperfectly prevent it.
Russia demands Tinder give user data to secret services (KOKH) Russia is requiring dating app Tinder to hand over data on its users - including messages - to the national intelligence agencies, part of the country's widening crackdown on internet freedoms. The communications regulator said Monday that Tinder was included on a list of online services operating in Russia that are required to provide user data on demand to Russian authorities, including the FSB security agency.
Trump dangles big trade deal at meeting with PM (Times) President Trump said he hoped Britain would secure a “very substantial trade deal” with the US as the two leaders were set for a confrontation over Huawei. The prime minister was expected to rebuff...
The GCHQ’s Vulnerabilities Equities Process (Lawfare) The GCHQ’s disclosure of the “BlueKeep” vulnerability offers an opportunity for the U.S. to learn from how the British handle the question of vulnerabilities equities.
Connecting the Dots on the Regulation of Connected Medical Devices (New York Law Journal) This article will discuss several critical lessons that manufacturers of connected medical devices can learn from recent unprecedented coordination among the FDA, the Department of Health and Human Services Office of Inspector General and the Department of Homeland Security, respectively, as well as the increasingly important role the Federal Trade Commission has come to occupy with respect to the cybersecurity of connected medical devices.
Facebook, Google and other tech giants to face antitrust investigation by House lawmakers (Washington Post) The probe announced Monday by the House Judiciary Committee's competition-minded panel, led by Rep. David Cicilline (R.I.), is expected to be far-reaching, covering the extent to which a company like Google favors its products over rivals or Facebook clones or acquires competitors in an attempt to ensure its continued dominance in social networking.
FTC Gets Jurisdiction for Possible Facebook Antitrust Probe (Wall Street Journal) The Federal Trade Commission will lead any antitrust investigation into Facebook under an arrangement that gives the Justice Department chief oversight of Alphabet’s Google, as the U.S. government gears up for scrutiny of the country’s major tech companies over competition concerns.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Cybertech Midwest 2019 (Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
National Cyber Summit (Huntsville, Alabama, USA, June 4 - 6, 2019) National Cyber Summit is the nation’s most innovative cyber security-technology event, offering unique educational, collaborative and workforce development opportunities for industry visionaries and rising...
Infosecurity Europe (London, England, USA, June 4 - 6, 2019) Europe’s Leading Event for Information and Cyber Security Bringing business, tech and cyber communities together to discuss and discover how best to protect companies and individuals. Join in to find ‘everyone...
San Diego Cyber Security Conference (San Diego, California, USA, June 5, 2019) Join us to interact with CISOs & Senior Level Executives who have effectively mitigated the risk of Cyber Attacks. In San Diego the keynote will be delivered by Darin Andersen, CEO/ Founder NXT Robotics,...
Seattle Cybersecurity Conference (Seattle, Washington, USA, June 6, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...