A Review of the Best News of the Week on Cybersecurity Management & Strategy

WannaCry – the worm that just won’t die (Naked Security – Sophos, Sep 18 2019)
WannaCry never went away – it just became less obvious. Remember WannaCry? That’s the infamous self-spreading ransomware attack that stormed the world in May 2017. WannaCry was an unusual strain of ransomware for two main reasons.

U.S. sanctions North Korea hacking groups, says attacks funded missile program (SC Magazine, Sep 13 2019)
The U.S. Office of Foreign Assets Control (OFAC) sanctioned North Korea Friday for ransomware attacks on the Swift interbank messaging system and other critical infrastructure targets that generated funding for the nation-state’s weapons and missile programs. The Treasury Department targeted three state-sponsored hacking groups – the Lazarus Group, whose WannaCry attacks wreaked havoc…

Advanced hackers are infecting IT providers in hopes of hitting their customers (Ars Technica, Sep 18 2019)
Previously undocumented Tortoiseshell is skilled, but by no means perfect.

One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Check the scope: Pen-testers nabbed, jailed in Iowa courthouse break-in attempt (Ars Technica, Sep 13 2019)
They claimed to be conducting a penetration test to determine how vulnerable county court records were and to measure law enforcement’s response to a break-in. Unfortunately, the Iowa state court officials who ordered the test never told county officials about it—and evidently no one anticipated that a physical break-in would be part of the test. For now, the penetration testers remain in jail.

Chicago Broker Fined $1.5m for Inadequate Cybersecurity (Infosecurity Magazine, Sep 16 2019)
Phillip Capital has been fined after its poor cybersecurity led to a $1m theft

Australia Knows China Hacked Its Parliament: Report (SecurityWeek, Sep 17 2019)
Australia is confident that China was behind cyberattacks on its parliament and political parties, but decided not to make public accusations to avoid disrupting trade relations, according to Reuters.

GitHub Becomes CVE Numbering Authority, Acquires Semmle (Dark Reading, Sep 18 2019)
As a CVE Numbering Authority, GitHub can assign a CVE ID, post to the CVE List, and then post to the National Vulnerability Database (NVD) on behalf of a developer. According to a blog post announcing its news, GitHub said it expects the combination of Semmle code scanning and CVE number assignment will make it much more likely that vulnerabilities in open source projects will be found and reported.

Arizona Schools Provide Model for Managing Ransomware (SecurityWeek, Sep 13 2019)
On Wednesday, September 4, 2019, ransomware was discovered at Flagstaff Unified School District, Arizona. Schools were closed on Thursday and Friday of that week, but re-opened after the weekend. No ransom was paid, and only two days schooling was lost.

Security Leaders Share Tips for Boardroom Chats (Dark Reading:, Sep 12 2019)
Cisco, Oracle, and LinkedIn security leaders share their challenges in communicating with business teams and advice for how CISOs can navigate the relationship.

CISO do’s and don’ts: Lessons learned (Help Net Security, Sep 16 2019)
“The best way I’ve managed to make the case for specific security improvements has been to relate them to financial loss. The simple formula is: how many applications could an attack potentially take down? Estimate a likely time span. How much does an application generate? And then present to the board how much you can save, in terms of hours lost and money, by displaying how much a security control would protect the total value of the application,” he explains.

Making the case for IT/OT security integration (SC Magazine, Sep 16 2019)
Traditionally, ICS networks and SCADA systems have been segregated from unsecure areas (corporate networks and the internet) through air-gapping and increased physical security. But in recent years, more of these systems have been brought online to cut costs, share operational information and improve efficiencies—thus increasing their exposure to IT networks as infection vectors. One of the best-known recent examples of this was NotPetya, a ransomware exploit which began by infecting enterprise IT networks and then spread to disrupt the OT networks of several large companies, including Merck and FedEx.

Five Thoughts on the Internet Freedom League (TaoSecurity, Sep 13 2019)
“In the September/October issue of Foreign Affairs magazine, Richard Clarke and Rob Knake published an article…The article proposes the following: The United States and its allies and partners should stop worrying about the risk of authoritarians splitting the Internet. Instead, they should split it themselves, by creating a digital bloc within which data, services, and products can flow freely, excluding countries that do not respect freedom of expression or privacy rights, engage in disruptive activity, or provide safe havens to cybercriminals…My initial reaction to this line of thought was not encouraging.”

Preventing PTSD and Burnout for Cybersecurity Professionals (Dark Reading, Sep 16 2019)
The safety of our digital lives is at stake, and we need to all do our part in raising awareness of these issues.

How Intel Unlocks the Powerful Potential of Diversity in Cybersecurity (Dark Reading, Sep 17 2019)
Sparking cultural shifts within an organization — and throughout an entire industry — can feel like a monumental task, but the juice is well worth the squeeze.

Man Who Hired Deadly Swatting Gets 15 Months (Krebs on Security, Sep 17 2019)
An Ohio teen who recruited a convicted serial swatter to fake a distress call that ended in the police shooting an innocent Kansas man in 2017 has been sentenced to 15 months in prison.

Businesses facing post breach financial fallout by losing customer trust (Help Net Security, Sep 18 2019)
44% of Americans, 38% of Brits, 33% of Australians, and 37% of Canadians have been the victim of a data breach, according to newly released research conducted by PCI Pal.

Panda’ Group Makes Thousands of Dollars Using RATs, Crypto-Miners (SecurityWeek, Sep 18 2019)
A new threat actor has generated thousands of dollars in the Monero cryptocurrency using remote access tools (RATs) and illicit cryptocurrency mining malware, Cisco’s Talos threat intelligence and research group revealed on Tuesday.

One Arrested in Ecuador’s Mega Data Leak (Dark Reading, Sep 18 2019)
Officials arrest a leader of consulting firm Novaestrat, which owned an unprotected server that exposed 20.8 million personal records.

Top 10 Tactical Recommendations for SMB Cybersecurity (SecurityWeek, Sep 18 2019)
“In my previous column I introduced the concept of “Think 360, Demand 360” as it applies to data protection, privacy, and cyber security. The concept is as follows: whether you represent a small business, a Fortune 50 company, an NGO or a government entity, what you are protecting and who you are protecting it from is really a 360-degree exercise.”

Lawmakers want to bring back top White House cybersecurity post (Washington Post, Sep 19 2019)
With a new official set to take the reins of the Trump White House’s national security strategy, some Democratic lawmakers are pushing for cybersecurity to get more top-level attention.