According to recent reporting, a suspected nation-state hacker group with alleged ties to the Iranian government issued death threats to researchers who had detected its cyber espionage activity.  The researchers were examining a server that they believed to be associated with a specific data breach when they received the message “Stop!!! I Kill You Researcher.”  According to the same report, the server was apparently attached to the attackers’ command-and-control infrastructure.  Active since 2015, the group known as “MuddyWater” has been observed targeting organizations in Georgia, India, Iraq, Pakistan, Saudi Arabia, Tajikistan, Turkey, and the United States.  Recently, MuddyWater has been observed targeting oil and gas entities in the Middle East.  Notably, the group is believed to employ “false flag” operations (similar to what is believed to have been done during the recent Olympics), in which it adopted some of the tactics, techniques, and procedures (TTPs) of suspected Chinese hackers to obfuscate the group’s true identity.


On the surface, the threat made against the researchers can be viewed as a knee-jerk reaction to being tracked by the private sector.  But it does raise the question of what hostile actors may resort to in the future.  The private-sector computer security industry has been aggressively investigating the activities of suspected nation-state actors since 2004, when the first public report detailed the activities of a Chinese state entity.  Since that time, several subsequent public reports have described “advanced persistent threat” operations, documenting TTPs and targeting that have ultimately been attributed to specific nation-state actors.  While the standard public reaction of these governments has been to refute or deny the claims, citing the difficulty of providing adequate evidence to support attribution, sanctions and alleged retaliatory strikes have been known to occur as a result of these accusations.


The potential for escalatory cyber strikes in response to such actions is a real concern and one that has been raised in the press.  One reason the United States, for example, has not retaliated against suspected Russian involvement in the 2016 U.S. presidential election is uncertainty about how such an adversary might reciprocate any retaliatory strike against its interests.  This is a very legitimate concern, as cyberspace activities are still relatively new, and nation states around the world are eagerly trying to buy, develop, or otherwise acquire an offensive cyber capability.


And this is where thinking may be too narrowly focused.  A state or non-state entity does not have to resort to cyberspace to retaliate against an attack that it has suffered in cyberspace.  It is not a one-for-one arrangement.  Threatening to retaliate in the physical world provides another potential attack vector that needs to be considered.  After all, many of the published vendor APT reports contain the names of those involved in the report, individuals who likely have a footprint on the Internet. Attackers can find out their personally identifiable information (PII) and either post it for others to target or use it for their own purposes.  Doxxing, or disclosing the PII of victims, has long been a weapon in the hacktivist arsenal.  In 2016, the United Cyber Caliphate published “kill lists” of U.S. military personnel to encourage ISIS sympathizers and lone wolves to commit acts of violence against them.  Although to date there is no known attack resulting from disclosures such as this, it bears watching whether that may transpire in the future.


Nation states have been suspected of carrying out physical attacks on specific individuals. Recently, a Russian spy is believed to have been poisoned at the behest of the Russian government. In 2017, suspected North Korean agents used poison on Kim Jong Un’s brother at a Malaysian airport. Granted, these attacks weren’t the result of cyber activity, but they do demonstrate that the capability is there if the intent is present.  Given that Iran is widely considered the world’s leading nation-state supporter of terrorism, it has a large network of agents to call upon to target individuals it may view as threatening to its interests.  Iran has been suspected of conducting “assassinations” in the past, a claim that it has denied.


For the time being, this appears to be a one-time threat.  But how nation states respond to cyber attacks and significant cyber incidents can influence what accused governments may do in response to any retaliation.  Let’s hope that this confluence between cyberspace and the physical world remains theoretical and is not a harbinger of things to come.


This is a guest post written by Emilio Iasiello

Best Cyber Security Twitter Profiles to Follow 2018

Twitter has always been a great place to stay in touch with the latest cybersecurity trends. It is a great way to connect with professionals and even experts whom you normally wouldn’t be able to reach. You can follow them, read their posts and comments daily, and even tag them in your tweets to attract their attention in a few seconds. Twitter is an open platform that encourages people to share knowledge, from new technologies and threats to silly pictures and memes about the latest events in the news.

However, there are thousands of profiles that you can follow, and sometimes you just don’t seem to find exactly what you are looking for. The question of which security experts to follow on Twitter is tricky, since there are so many professionals out there sharing valuable information and news on a daily basis. What really matters is to decide what is relevant to you and how you are going to use it to your advantage.  Once you have decided whom to follow, you can create your own lists per category containing the best cyber security Twitter profiles. This option lets you see all of the tweets in a simple way and ensures that you don’t miss a single tweet from your feed.

We have created a list of some of the best Twitter cybersecurity accounts so you don’t waste your time searching; you can follow them right away.



A cyber attack disrupted the opening ceremony of the recent Olympic Games, as confirmed by a spokesman for the Pyeongchang Organizing Committee.  The disruption took out Internet access and telecasts on non-critical machines, grounded broadcasters’ drones, shut down the Pyeongchang 2018 website, and prevented spectators from printing out reservations and attending the ceremony.


Per reports, the attackers gained access to approximately 300 computers, hacked routers, and distributed malware in the lead-up to and during the event’s ceremonies.  Initial findings by at least one computer security company concluded that the attack had started a year in advance.  The attackers could have destroyed computers, according to the company’s researchers, but had restrained themselves, erasing only the backup files on Windows machines.  The conclusion drawn was that the attack was an attempt to send a political message.  As of this writing, the initial attack vector has not been determined, or at least not made public, although speculation is that prior access was gained and used to launch this attack.


According to one news source citing U.S. intelligence officials, Russian spies were behind the cyber attack, with the purpose of retaliating for Russia being suspended from competing in the games because of a doping scandal.  Of note, these officials believe that the attack was intended to be a “false-flag” operation, as the attackers are alleged to have used North Korean IP addresses and other “tactics” to make it appear that North Korea was behind the attacks.  The government has thus far produced no evidence, as it did when supporting its claims of North Korea’s culpability in the Sony hack.


While there may very well be classified information that helps attribute this activity, motivation is largely the incriminating piece of evidence that points to Russian culpability.  Paying back the International Olympic Committee (IOC) for not allowing Russian athletes to compete under the national flag would be consistent with fervent Russian nationalism and its need to protect all aspects of its cultural identity.  Russian state or state-affiliated actors are alleged to have orchestrated previous cyber attacks against Olympic targets, notably the 2016 cyber attack against the World Anti-Doping Agency, in which the attackers gained access to athlete data, including confidential medical data, and made it public.


If motive is going to be the primary factor in attribution (note that malware analysis provided no clear clues, as the malware incorporated traits of code used by a variety of suspected state actors), then at the time of the attack only two governments were probable suspects: North Korea and Russia.  However, after tumultuous events over nuclear weapon development and missile firings, North Korea made grand diplomatic overtures to South Korea and ultimately marched with it under one flag.  It would seem improbable that it would want to detract from the headway made via its Olympic diplomacy with a nuisance attack.

Still stinging from its inability to walk under its own flag, Russia seems like the probable suspect behind the cyber attack, wanting to express its dissatisfaction toward the IOC.  If true, the fact that it could have done far more damage and didn’t is testament that Russia wanted to register displeasure, not punish South Korea for the IOC’s decision.


However, what gives pause is why, if the reporting is correct, state actors of the Russian government were needed to conduct a false-flag attack simply to demonstrate discontent with the IOC.  Simply put, a false-flag operation is one in which an attacker tries to make its actions look like the work of another known attacker.  In cyberspace such an endeavor is simple to achieve, especially when the tactics, techniques, and procedures (TTPs) of known actors, which often include methods of operation, malware, and command-and-control architecture, are published for global consumption as Indicators of Compromise.  In this instance, the attack blended TTPs and the digital fingerprints of threat actors connected to North Korea, China, and Russia.

Cyber proxies such as non-state hacker groups are perfect agents for states wanting to send a signal to a government without committing their own resources.  There is a level of plausible deniability, albeit shallow, that an aggressor state can claim while still intimating its tacit involvement in the attack to the victim.  Russia has at its disposal a capable cyber criminal underground, as well as nationalistic youth groups that could have achieved a similar effect.  This was evidenced in 2007, when one such group claimed responsibility for the cyber attacks against Estonia over the removal of a Soviet war memorial.

The use of state actors to commit the cyber equivalent of a tantrum raises eyebrows.  According to one source, the Russian state hackers behind this attack were the same ones that have been engaged in cyber attacks against Ukraine.  Making a public statement doesn’t seem like the type of operation an elite unit would be called upon to execute.


So why the false flag?  There are a few possibilities.  One, Russia wanted to test using the TTPs of other nations in an operation to gauge how defenders would reach their attribution findings.  Two, Russia may have “signaled” to nations like the United States, and to the private sector companies following its alleged activities, that it would be implementing false flags in future operations, essentially rendering technical indicators and digital forensic analysis useless for attribution.  Three, maybe the cyber attack achieved another objective in addition to expressing anger.  Did another attack, perhaps more surreptitious, occur simultaneously against another target while all eyes were focused on this one?

Russia’s cyber operations (including cyber attacks) have been described as anything from sloppy to among the most advanced in the world.  Perhaps the question that should be asked is why Russia wanted a “false flag” operation to be so easily attributed.

Perhaps the simplest explanation is the right one: it was just the easiest path to take.  And in a world where there is no international consensus on state behavior in cyberspace, the landscape favors the attackers until the defenders figure out how to respond to them with enough conviction to alter attacker behavior.  No one appears to have that answer.

This is a guest post written by Emilio Iasiello

With the near-defeat of ISIS’ ground presence, speculation is that the group will rely more on cyberspace to maintain its relevance.  This is unsurprising, as ISIS has continuously demonstrated its proficiency on the Internet, particularly for propaganda and recruitment campaigns.  The group achieved considerable success in influencing target audiences and, at one time, was credited with being able to disseminate approximately 90,000 messages a day.  Many of the hacking incidents attributed to ISIS or its sympathizers focused on exploiting global news organizations, inserting pro-ISIS messages on websites and Twitter accounts.  Perhaps more impressively, individuals associated with the extremist organization were suspected of hacking the United States Central Command’s Twitter account, posting propaganda videos and threatening messages.


ISIS’ propaganda machine remains a cornerstone of the group’s resilience and survivability, making any attempt to eliminate individual accounts akin to what some have called “whack-a-mole” futility.  In 2017, ISIS supporters used more than 400 separate online platforms to pump out propaganda, despite laudable efforts by social media platforms like Facebook and Twitter, which actively search for and suspend suspected terrorist and extremist accounts.  Such hindrances have encouraged the development of technologies to assist in this effort.  The United Kingdom, for example, is leveraging software able to detect 94 percent of ISIS propaganda, scanning millions of video and audio files with a 99 percent accuracy rate.


While these efforts are very promising for reducing ISIS’ and other extremist groups’ presence on global social media platforms, they don’t address the root of the problem: the message itself.  This has been an ongoing problem for governments and one that has continually challenged U.S. counter-messaging strategies.  The lack of success by any government in mitigating the influence of ISIS propaganda has led some to conclude that governments’ tactic of trying to deny ISIS the ability to use cyberspace may not be the key to success.


Indeed, these individuals have proven adept at using advanced technologies to such a degree that it may not be possible to truly mitigate their use of the Internet.  ISIS members and associates have been reported to use the latest and greatest technologies, including anonymity-enabling communications, virtual private networks, encrypted e-mail services, and encrypted messengers, among others.  Short of trying to institute an authoritarian grip on all available technologies (which does not guarantee success), there are too many alternatives available or in development to make denying the use of cyber-related devices a credible course of action for the long term.


That leaves having the right message, one that can compete with the message being spread by ISIS and other extremist groups.  Thus far, nothing has proven effective in curbing recruitment or in stopping lone-wolf actors from committing horrible acts of violence.  In order to understand why propaganda works, it’s necessary to understand its intended audience, the psychological effects of propaganda on the intended target, and the socio-political effects it will have both on the target and on the surrounding environment.  Any counter-messaging strategy must take all of these considerations into account.  More importantly, there can be no “one size fits all” messaging, as any content needs to be tailored to address the diverse backgrounds and cultures of ISIS’ members and followers.  And that may be where previous efforts have fallen short.


There is an opportunity to investigate what causes people from different countries to respond to radical ideology, and to understand what in the message is attractive enough to unite different socio-cultural backgrounds under the banner of an extremist world view.  We must not be satisfied with having put ISIS on the run.  Instead, we should invest this time in interviewing the persons involved to get a better idea of why they committed to extremism, in the hope of preventing another group like ISIS from emerging.

This is a guest post written by Emilio Iasiello

According to recent reports, the United States government is considering building a 5G network, a step designed to bolster the country’s cyber security posture and guard against attacks, particularly from nation states believed to be conducting hostile acts of espionage.  This information is alleged to have come from sensitive documents obtained by Axios. Per these documents, there appears to be some question as to whether the government would build and run the network itself, leasing out access to national telecommunications carriers, or whether wireless providers in the United States would build their own 5G networks that would compete with one another.  Another news source reported similar findings, conveying that the government is interested in building a secure 5G network and will work with industry to accomplish this objective.


5G networks are wireless networks designed to improve connectivity for home broadband networks, as well as for mobile devices such as smartphones and tablets and even self-driving cars, essentially Internet of Things devices.  There are some indications that speeds will be 10 times those of current 4G capability.  To put that marker in perspective, it is sufficient to stream “8K” video or download a 3D movie in 30 seconds, according to one news outlet.  A very substantial advantage is the reduction of lag time between devices, making communication more streamlined and efficient.

There is skepticism as to whether the government will actually fund such an endeavor, with estimated costs expected to balloon to hundreds of millions of dollars.  Making connections stronger and communications more fluid would require more technology to be installed almost everywhere.  Some believe that 5G networks will bolster the current 4G network architecture supporting existing technology, indicating that full 5G adoption is an unlikely result.

Nevertheless, whether the government gets involved in this process or not, the four main carriers in the United States (Verizon, AT&T, T-Mobile, and Sprint) are all engaged in developing 5G technology, meaning that the move toward the fifth generation of mobile networks is forthcoming.  In late 2017, the first 5G specification was officially completed, covering a range of spectrum from the 600 and 700 MHz bands to millimeter-wave spectrum at 50 GHz.

Pressing forward on implementing a 5G network has been touted as a security consideration.  Being able to develop a secure 5G network has been characterized as helping to curb the threats posed by hostile governments like China, which has been accused of conducting industrial and traditional espionage against U.S. public and private interests.

But it is also seen as a way to compete with China, which is considered the leader in developing 5G technology.  According to a company that tailors analysis and commentary for its clients, 5G technology will be in place by 2020, with more than a billion users by 2023, more than half of them based in China.

It remains to be seen to what extent, if any, the United States government will spearhead a 5G rollout.  In the December 2017 National Security Strategy statement, the president promised to improve “America’s digital infrastructure by deploying a secure 5G Internet capability nationwide.”  Thus far, the president has tried to fulfill his promises, intimating that government may find a role for itself somewhere in this effort.  However, potential government intervention is not without its detractors.  Critics, including the head of the Federal Communications Commission, believe that government involvement would be meddlesome, potentially hampering innovation and investment.

There are always reasons why something can’t happen: insurmountable obstacles, cost, disrupting the norm.  Unfortunately, as history has proven, these have often trumped security considerations.  Therefore, any government discussion of creating a new network with security in mind at the design level, rather than after its completion and installation, is very promising.  Many times, new technologies are brought to market at the expense of their users for the sake of being first and displaying innovation.  Security continues to take a back seat to capturing market share and making a profit.  This cycle needs to be broken if there is any true interest in improving cyber security.  In this regard, government working closely with the telecommunications carriers to create a 5G network would be advantageous, as long as it ensures that 5G network security remains a priority.

This is a guest post written by Emilio Iasiello

As 2018 commences, cyberspace remains in constant flux, a dynamic landscape that still favors hostile actors’ freedom of movement over the efforts of network defenders. Nation states continue to leverage the anonymity afforded to them in the digital sphere to conduct an array of offensive operations.  Indeed, much attention has been focused on nation-state cyber activity by security vendors and news sites tracking suspected government or government-sponsored actors as they steal information and money, conduct aggressive attacks on infrastructure, and influence national elections.  Perhaps unsurprisingly, the increased international attention on these events has not served to deter these actors but, in some instances, has reaffirmed the perceived need for all governments to be able to conduct similar operations in support of their own national interests.  In a recent United Kingdom intelligence report, Russian security services were described as demonstrating a “go and see what happens” attitude toward conducting offensive cyber activities.  Such an assessment certainly suggests there is little cause to fear any serious repercussion for such actions.


In mid-December 2017, the White House signed the $700 billion National Defense Authorization Act (NDAA).  The law sets policies and budget guidelines for the U.S. military for the next fiscal year, including cyber-related projects and initiatives. While established cyber programs are bolstered by the Act, the 2018 NDAA also introduces some new prohibitions.  For example, all Kaspersky products and services (including those from company subsidiaries) are prohibited across the Department of Defense (DoD), an initiative working in tandem with the Department of Homeland Security’s (DHS) push to ban Kaspersky from federal government offices.  Similarly, in an effort to safeguard U.S. communications channels from cyber risks, the NDAA forbids the acquisition of satellite technology from a foreign country or any company affiliated with one.  These mandates are important, as they acknowledge the potential threats that exist when acquiring technologies and/or services from sources outside a secure supply chain.


Of particular note is a provision that could force the federal government to upgrade its out-of-date IT systems. The Modernizing Government Technology Act (MGTA), which was enacted in tandem with the NDAA, creates a $500 million fund over the course of two years to be used for modernizing legacy IT systems.  Trying to secure old and outdated legacy systems has been a thorn in the side of government cyber security efforts.  In 2016, 71 percent of federal IT system administrators used old operating systems to run important applications.  The MGTA will provide necessary funding to address these technical shortcomings.


GDPR deadline is approaching

Breaches and ransomware attacks are more prevalent than ever, and concern for protecting data is mounting on a global scale.

Toward that end, the EU has put forth its General Data Protection Regulation (GDPR), but no legislation can be implemented without some consequences for the businesses that must comply with it. Given that GDPR aims to standardize data privacy laws and mechanisms across industries, there are few sectors that will not be greatly impacted.

Any company that directly or indirectly controls or processes the personally identifiable information (PII) of EU citizens will be affected by GDPR changes. Both of the terms ‘data controller’ and ‘data processor’ are broadly defined, which means that virtually every company will be impacted by these changes. For small businesses, dealing with these data collection and processing regulations will be overwhelming, if not crippling.


2018 cybersecurity predictions

This is the time of the year when all the cybersecurity companies and media outlets race to summarize the last year and predict what lies ahead in 2018. But most of these predictions concentrate on cyber trends (both cybercrime and cyber-espionage) and fail to touch upon the industry we are all part of. So we at CyberDB have made a little extra effort and tried to predict the trends that will dominate the cybersecurity industry in 2018.

1. Consolidation

Consolidation played a major role in 2017, with several prominent M&A deals such as Palo Alto Networks buying LightCyber, Microsoft buying Hexadite, and Symantec buying Fireglass and Skycure. We predict this trend will intensify in 2018, with more companies reaching product maturity and failing to raise further capital (and with an IPO looking like a distant option for many of the small to mid-sized companies). We said the same regarding 2016 and 2017, and we really feel the industry and customers will benefit from fewer “feature” solutions in comparison to platforms and integrated offerings.


In August 2013, the American Institute of Aeronautics and Astronautics (AIAA), the professional society for the field of aerospace engineering, convened a civil aviation conference in which cybersecurity was discussed at an industry level.  Upon completion of the conference, which was attended by foreign carriers, A Framework for Cybersecurity Aviation was published, providing a strategic path forward by identifying key focal areas such as common aviation cybersecurity standards, developing and implementing a cybersecurity culture, understanding cyber risks and being able to communicate them to bolster situational awareness, and strengthening the defensive system. Since that time, several international conferences discussing aviation cyber security have been held.

Given the global nature of civil aviation, the framework is an important document addressing many of the concerns that impact the international civil aviation community.
