A Review of the Best News of the Week on Cybersecurity Management & Strategy

Details of the Cloud Hopper Attacks (Schneier on Security, Jul 10 2019)
“Reuters has a long article on the Chinese government APT attack called Cloud Hopper. It was much bigger than originally reported.’The hacking campaign, known as “Cloud Hopper,” was the subject of a U.S. indictment in December that accused two Chinese nationals of identity theft and fraud. Prosecutors described an elaborate operation that victimized multiple Western companies but stopped short of naming them. A Reuters report at the time identified two: Hewlett Packard Enterprise and IBM.'”

Chinese Antivirus Companies Don’t Flag Chinese Border Malware (VICE, Jul 12 2019)
After a joint investigation found China installing malware on tourists’ phones, several antivirus companies started flagging the app. Several Chinese companies did not, however.

FEC: Campaigns Can Use Discounted Cybersecurity Services (Krebs on Security, Jul 11 2019)
“The U.S. Federal Election Commission (FEC) said today political campaigns can accept discounted cybersecurity services from companies without running afoul of existing campaign finance laws, provided those companies already do the same for other non-political entities. The decision comes amid much jostling on Capitol Hill over election security at the state level, and fresh warnings from U.S. intelligence agencies about impending cyber attacks targeting candidates in the lead up to the 2020 election.”

One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Ransomware Recovery Firms Who Secretly Pay Hackers (Schneier on Security, Jul 08 2019)
ProPublica is reporting on companies that pretend to recover data locked up by ransomware, but just secretly pay the hackers and then mark up the cost to the victims.

EU struggles to pick next cybersecurity chief (Polico EU, Jul 12 2019)
A vote expected next week reveals power struggle between EU and capitals over cybersecurity policy.

Cybersecurity: Broken hardware behind many outages, but ransomware threat increases (ZDnet, Jul 11 2019)
A hardware failure is most likely to cause unexpected downtime or data loss, but the damage caused by security threats like viruses and ransomware continues to rise.

APT Groups Make Quadruple What They Spend on Attack Tools (Dark Reading, Jul 11 2019)
Some advanced persistent threat actors can spend north of $1 million on attacks, but the return on that investment can be huge.

YouTube’s Ban of Hacking Videos Moves Us Closer to an Entertainment-only Public Sphere (Daniel Miessler, Jul 04 2019)
Marcus Hutchins wrote a great essay recently about YouTube’s new ban on “hacking” videos. He writes: One major problem here is that hacking tutorials are not inherently bad. There exist a vast YouTube community aimed at teaching the next generation of cyber security experts.”

British Airways is facing £183 million fine for 2018 data breach (Help Net Security, Jul 08 2019)
The UK Information Commissioner’s Office (ICO) wants British Airways to pay a £183.39 million (nearly $230 million) fine for failing to protect personal and financial information of approximately 500,000 of its customers.

One in 10 IT Pros Would Steal Data if Leaving a Job (Infosecurity Magazine, Jul 05 2019)
Survey of IT pros conducted by Gurucul highlights risks from insider threats

Mystery of NSA Leak Lingers as Stolen Document Case Winds Up (SecurityWeek, Jul 08 2019)
Federal agents descended on the suburban Maryland house with the flash and bang of a stun grenade, blocked off the street and spent hours questioning the homeowner about a theft of government documents that prosecutors would later describe as “breathtaking” in its scale.

Crowdstrike stock analysis as Wall Street initiates coverage after IPO (Business Insider, Jul 09 2019)
CrowdStrike raised $612 million in its IPO, and the stock popped more than 70% on its first day of trading. Here’s what Wall Street analysts had to say about the newly-public company.

Maryland Department of Labor Announces Data Breach (SecurityWeek, Jul 08 2019)
The Maryland Department of Labor has announced that databases containing personally identifiable information (PII) were accessed in a cyber-incident discovered earlier this year.

Who’s Behind the GandCrab Ransomware? (Krebs on Security, Jul 08 2019)
“The crooks behind an affiliate program that paid cybercriminals to install the destructive and wildly successful GandCrab ransomware strain announced on May 31, 2019 they were terminating the program after allegedly having earned more than $2 billion in extortion payouts from victims. What follows is a deep dive into who may be responsible for recruiting new members to help spread the contagion.”

Marriott Faces $124 Million GDPR Fine in UK (Dark Reading, Jul 09 2019)
The proposed penalty is for a data breach beginning in 2014 that affected more than 500 million customers worldwide.

4 Reasons Why SOC Superstars Quit (Dark Reading, Jul 10 2019)
Security analysts know they are a hot commodity in the enviable position of writing their own ticket. Here’s how to keep them engaged, challenged, and happy.

Inside the NIST team working to make cybersecurity more user-friendly (Help Net Security, Jul 11 2019)
“Our team works towards influencing cybersecurity standards and guidelines. For example, we were responsible for the inclusion of usability considerations in the NIST Special Publication 800-63 Digital Identity Guidelines,” Mary Theofanos, the leader of the NIST Usable Cybersecurity team, explained to Help Net Security.

U.S. mayors resolve to no longer pay ransomware attackers (SC Magazine, Jul 10 2019)
The United States Conference of Mayors issued a resolution at its 87th annual meeting to stand united against paying ransoms when their municipality is hit with a ransomware attack.