January 21, 2020.
By the CyberWire staff
According to the Japan Times, Mitsubishi Electric has disclosed that Chinese actors hit the company with a "massive" cyber attack last year. In addition to personal information on some eight-thousand individuals, attackers may have obtained "email exchanges with the Defense Ministry and Nuclear Regulation Authority, as well as documents related to projects with firms including utilities, railways, automakers and other firms."
Cisco's Talos unit has described "JhoneRAT," a remote access Trojan currently active against Arabic-speaking targets in Saudi Arabia, Iraq, Egypt, Libya, Algeria, Morocco, Tunisia, Oman, Yemen, Syria, UAE, Kuwait, Bahrain and Lebanon. It's custom code, not a commodity attack tool, and its use seems part of an espionage campaign.
An Internet Explorer vulnerability is being exploited in the wild, but Microsoft won't be able to patch until February, TechCrunch reports.
CISA Director Krebs is quoted in Fifth Domain to the effect that the threat of a retaliatory Iranian cyberattack was diminishing over time, but the US Federal Deposit Insurance Corporation has warned the more than five-thousand banks and financial services institutions it supervises that they should be on heightened alert for cyberattacks.
While Iran may not, as the Verdict argues, rush into attacks on US infrastructure, it's nonetheless worth reviewing Iranian capabilities. APTs 33 (Elfin), 34 (OilRig), 35 (Charming Kitten), and 39 all have well-established track records, and, as IntSights explains in this context, there's also an active hacktivist community more-or-less aligned with Tehran's goals.
Today's issue includes events affecting Algeria, Bahrain, Belgium, Canada, China, Egypt, European Union, France, Germany, Greece, Iran, Iraq, Ireland, Israel, Kuwait, Lebanon, Libya, Morocco, Oman, Russia, Saudi Arabia, Sweden, Switzerland, Syria, Tunisia, Turkey, United Arab Emirates, United Kingdom, United States, and Yemen.
Bring your own context.
"Trusted advisers" can represent a portfolio of service providers and can help businesses with risk mitigation. What organizations might use such services?
"You've seen what's happened with the ransomware. It's been in the news a lot, especially in local municipalities and state and federal government. But that's also happening quite a bit in companies as well. And when they lose access to their data, to their intellectual property, to all the things that give them what they need to go out and do business, you can imagine, you know, that you're really putting that company at risk. So definitely small and medium businesses will benefit from having access to these service providers."
—Ron Hayman, chief cloud officer and COO at AVANT, on the CyberWire Daily Podcast, 1.16.20.
Risk can be mitigated in various ways, and organizations might need help tailored to their specific mission and situation.
CyberTech Tel Aviv (Tel Aviv, Israel, January 28 - 30, 2020) Cybertech Tel Aviv is a 3-day event with 200+ organizations, 180+ speakers and 18,000+ attendees with a goal to create business and networking opportunities across borders. For 15% off, use code tcwtlv20dis on the registration page and enter the “Full-Pass” option. https://www.cybertechisrael.com/
Cyber Security Summits: February 5 in Atlanta and on March 20 in Tampa (Atlanta, Georgia, United States, February 5, 2020) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, U.S. Secret Service, IBM Security, Google and more. Register with promo code cyberwire20 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com
RSAC 2020 (San Francisco, California, United States, February 24 - 28, 2020) Connect to the people and ideas that matter. To your growth. To your organization. At RSAC 2020, February 24 – 28, explore current and emerging trends, gain valuable skills and network with peers. Register today!
FDIC Issues Cyberattack Warning to U.S. Banks (MSSP Alert) Federal Deposit Insurance Corporation (FDIC) issues cyberattack warning letter to all FDIC-supervised institutions -- spanning roughly 5,400 U.S. banks & financial services firms.
Threat Brief: Iranian Cyber Warfare (IntSights) Now is the time to assess whether your organization is a likely target of Iranian state-sponsored cyber operations, and determine if your team is ready and trained to respond.
Thousands of Chinese Students’ Data Exposed on Internet (Wall Street Journal) A Chinese facial-recognition database with information on thousands of children was stored with no protection on the internet, a researcher discovered, raising questions about school surveillance and cybersecurity in China.
Mitsubishi Electric reports cyber-attack (NHK WORLD) Mitsubishi Electric says it suffered a cyber-attack last year that may have compromised personal and corporate data. The company is engaged in businesses ranging from household appliances to communications, space and defense.
EFS Ransomware (Safebreach Labs) Ransomware is a serious threat to individuals, SOHOs/SMBs and large enterprises. Consequently, many security solutions are now available, which attempt to address the ransomware threat. In this blog post we describe EFS-based ransomware (ransomware which abuses the Windows Encrypting File System), which is a new concept we developed in Safebreach Labs.
New Nest Video Extortion Scam Plays Out Like a Spy Game (BleepingComputer) A new sextortion scam that breaks the typical mold has been detected at the beginning of the year. Fraudsters preying on the insecurity of connected devices used footage from Nest cameras, and led victims through a convoluted path of email accounts and web sites before making their ransom price known.
City of Pensacola: Personal information possibly compromised during cyber attack (WEAR) The City of Pensacola says they cannot determine with certainty that personal information has not been compromised in the cyberattack they faced in December in a recent update. The city says the personal information that may have been obtained by the hackers includes individuals’ first and last names, social security number, driver license number or other identification number, bank account number, credit card number, or debit card number.
December cyber attack costs New Orleans $7 million, so far (HOTforSecurity) A ransomware attack targeting the city of New Orleans has inflicted $7 million in losses so far, with more to be incurred in coming months, Mayor Latoya Cantrell said in a recent update. At 5 a.m. on December 13, New Orleans was becoming the latest victim...
Update on cyber-attack at Picanol (Innovation in Textiles) Following the large-scale ransomware attack of Monday 13 January 2020 textile machinery manufacturer Picanol issued the following statement this afternoon
Vulnerability Summary for the Week of January 13, 2020 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Security Patches, Mitigations, and Software Updates
Is London the hacking capital of Europe? (SC Magazine) The UK is the European country most attacked by cyber-criminals and within the UK London is disproportionately the target, suffering as many breaches as several European countries combined.
The status of ‘silent cyber’ in the insurance industry (Canadian Underwriter) Silent cyber has long been a thorn in the side of some insurers, and it doesn’t look like the issue will be resolved any time soon. Part of the issue is that the cyber market doesn’t exist to cater to…
IBM Secures $1.1B Contract With Banco Sabadell (SDX Central) IBM this week scored a 10-year, $1.1 billion contract to help Banco Sabadell, Spain’s fourth-largest private bank, modernize its IT infrastructure, and migrate its applications to the cloud.
What happens when we unmask hackers? (NewsDio) Cyber threat activity has become an increasingly common topic of discussion in the media and in society in general. Why is this? Due to public disclosures, they have helped shed light on an obscure part of the malware and piracy underworld on the Internet. But so far, little has been considered about the potential impact …
Citadel to help train nation's future cyber warriors (The Times and Democrat) The Citadel, dedicated to training America’s cyber warriors, will harness a new $2.8 million National Science Foundation grant to create the state’s first CyberCorps Scholarship for Service program. It is
Top Secret documents show Cyber Command's growing pains in its mission against ISIS (CyberScoop) U.S. government documents made public Tuesday show that while a U.S. Cyber Command operation that disrupted ISIS computer networks was largely successful, there were significant shortcomings, including operators having trouble collecting data, interagency deconfliction issues, difficulty vetting targets, and, in at least one case, a close call with the operation being discovered by the adversary.
Uniting the Cyber Domain Stakeholders (Small Wars Journal) The United States faces an organizational dilemma when it comes to the cyber domain, as the Department of Defense, Department of Homeland Security, Intelligence Community, and the private sector all are stakeholders in the domain and the security. Uniting the stakeholders under one security domain, specifically quantum encryption, would strengthen the United States cyber defense against their adversaries.
Why Iran would avoid a major cyberwar (Fifth Domain) What's in it for Iran to launch a massive cyber engagement against the free world? What can they win and what would their regime lose?
Can we trust Chinese smartphones? (T-online.de) Huawei, Xiaomi, OnePlus: Smartphones from China are popular because they are high-quality and inexpensive. However, the US government accuses Huawei of espionage. Can customers buy these smartphones without hesitation?
Why Google thinks we need to regulate AI (Silicon Valley Business Journal) Alphabet and Google CEO Sundar Pichai makes the case for the responsible development of artificial intelligence in an op-ed for the Financial Times.
New US Bill Wants to Assign State Cybersecurity Coordinators (BleepingComputer) Four U.S. Senators have introduced a bipartisan bill that will require the Department of Homeland Security (DHS) to appoint cybersecurity effort coordinators in every state to orchestrate cyberattack response and remediation efforts, and to improve coordination between federal, state, and local entities.
What Has Happened Since House Vote to Impeach (Wall Street Journal) As lawmakers wrangle over which documents and witnesses should appear in the Senate impeachment trial of President Trump, here’s what information has emerged in the last few weeks.
Reputable police video displays phone-unlocking Cellebrite pc in motion (Herald Cloud) Telephone encryption within the context of legislation enforcement has at all times been a testy topic, and simply weeks in the past, tensions rose additional as Apple it appears refused to liberate an suspect’s iPhones. It seems that, the FBI has sought different choices, akin to era advanced by means of Israeli company Cellebrite, which …
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Cyber Security for Critical Assets, MENA 2020 (Dubai, United Arab Emirates, January 20 - 21, 2020) The 17th in a global series of Cyber Security for Critical Assets summits, #CS4CA MENA 2020 focuses on safeguarding the critical industries of the Middle East and Northern Africa from cyber threats. CS4CA...
SANS Cyber Threat Intelligence Summit (Arlington, Virginia, USA, January 20 - 21, 2020) The collection, classification, and exploitation of knowledge about adversaries - collectively known as cyber threat intelligence (CTI) - gives security practitioners information superiority that is used...
CPX 360 New Orleans (New Orleans, Louisiana, USA, January 27 - 29, 2020) Mark your calendar now for CPX 360 2020, the world’s premiere cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...
SINET: Global Cybersecurity Innovation Summit (London, England, UK, January 30, 2020) Advancing global collaboration and innovation, SINET convenes a summit of international cybersecurity leaders at the British Museum. The conference will bring together innovators, investors, researchers,...
CPX 360 Vienna (Vienna, Austria, February 4 - 6, 2020) At CPX 360, you’ll gain an in-depth understanding of today’s dynamic threat landscape and the emerging challenges within cyber security. Get a look at the next wave of Check Point innovation and discover...